
Cryptolocker Virus Definition

Cryptolocker is a malware threat that gained notoriety in recent years. It is a Trojan horse that infects your computer and then searches for files to encrypt. This includes anything on your hard drives and all connected media — for example, USB memory sticks or any shared network drives. In addition, the malware seeks out files and folders you store in the cloud. Only computers running a version of Windows are susceptible to Cryptolocker; the Trojan does not target Macs. Once your desktop or laptop is infected, files are "locked" using what's known as asymmetric encryption. This method relies on two "keys," one public and one private. Hackers encrypt your data using the public key, but it can only be decrypted using the unique private key they hold. The Cryptolocker virus will display warning screens indicating that your data will be destroyed if you do not pay a ransom to obtain the private key.

Common Infection Methods and Risks

The most common method of infection is via emails with unknown attachments. Although the attachments often appear to be familiar file types such as *.doc or *.pdf, they in fact contain a double extension — a hidden executable (*.exe). Once opened, the attachment creates a window and activates a downloader, which infects your computer. Because the program is a Trojan, it cannot self-replicate, meaning it must be downloaded to infect your computer. In addition to malicious email attachments, this malware may also come from websites that prompt you to download a plug-in or video player. Typically, you will see nothing wrong with your computer until all files have been encrypted. Then, a warning will pop up indicating that you have been infected and showing a countdown timer until all your data is destroyed. Many antivirus programs can remove this Trojan, but are unable to decrypt your data. In some cases, users have re-installed the Trojan after removal in order to pay the ransom and unlock their data.

Protection from this ransomware starts with safe Internet use — don't open any attachments from unknown email addresses, even if they claim to be from your bank or workplace, and don't download any files from an unfamiliar website. If you believe you may be infected, run a full system scan using a reputable antivirus program. It may be possible to unlock your files if you regularly use Windows System Restore to create restore points, but in some cases you may need to go even deeper and use a Rescue Disk utility. Here, a disk image of the Rescue utility is created and copied to a DVD or USB drive. You will then have to boot your computer using this external media, which disinfects the machine. Again, there is no guarantee of full data recovery.

Cryptolocker can cause serious damage to personal and business computers. By always creating a physically separate backup of critical files, regularly running antivirus scans and avoiding unknown email attachments, you can minimize the chance of infection.
