CryptoLocker: What It Is and How It Works


CryptoLocker is a ransomware Trojan, paid for in cryptocurrency, that first appeared on the web in September 2013. It attacks Windows systems and encrypts the non-executable files on the computer.

It then tells the victim that they have 72 hours to pay a ransom fee to get their data decrypted. The CryptoLocker Trojan targets the Windows operating system and encrypts the files on the system using an RSA-2048 public key.

It is also unusual in that it attacks mapped and local network drives as well, which makes it one of the most malicious and damaging Trojans ever developed.

The other thing that makes CryptoLocker infamous is that the ransom is demanded in cryptocurrencies such as Bitcoin, making the transaction untraceable.

This highlights not only the need for better malware and virus removal tools but also the need for good computing habits.

With that in mind, let us look at the CryptoLocker ransomware in a bit more detail.

About CryptoLocker

CryptoLocker is now a well-known piece of malware that can cripple any data-driven organization. Once CryptoLocker executes, it encrypts the files on desktops and network shares and holds them for ransom.

Any user who then tries to open or access an affected file is prompted to pay a fee to decrypt the data.

Moreover, malware like CryptoLocker can enter a protected network via different vectors, including file-sharing sites, downloads and email. New variants have successfully evaded firewall and anti-virus technologies, and it is reasonable to expect that more will continue to emerge that can bypass preventative measures.

In addition to limiting what an infected host can corrupt by tightening access controls, detective and corrective controls are recommended as the next line of defense.

How CryptoLocker affects files

CryptoLocker spreads through a botnet or by way of compromised email attachments. Once downloaded and activated, it searches for specific file types and encrypts them using RSA public-key cryptography; the private key needed for decryption is sent to remote servers.

It then prompts the system owner to pay a ransom to recover, i.e. decrypt, the affected files. If the deadline passes without payment, the private key is lost.

Furthermore, while the malware itself is not hard to remove, the affected files remain encrypted. At the time of the first outbreak, users who had no reliable backups had two choices: pay the ransom and hope that those behind the infection were honest enough to decrypt the affected files, or accept their data as lost.

Today, however, there are online tools that claim they can decrypt files that were encrypted by CryptoLocker.

How to prevent CryptoLocker

CryptoLocker spreads through email using social engineering techniques.

Below are some recommendations for avoiding this malware:

• The more files your user account can access, the more harm malware can inflict. Restricting access is therefore a prudent course of action, as it reduces the scope of what can be encrypted. Besides being a line of defense against malware, it also reduces your exposure to other attacks by both external and internal actors.

• Be wary of emails from senders you do not know, especially those with attached files.

• Turning off the hiding of file extensions in Windows also helps you recognize this type of attack, because an executable attachment disguised with a document-like name is then shown with its real extension.

• Always have a backup system. Having a backup system in place for your critical files helps to mitigate the damage caused not only by malware infections but also by hardware failures and other incidents.

• Above all, if you do become infected and have no backup copy of your files, please do not pay the ransom. That is NEVER a good solution: it turns CryptoLocker into a highly lucrative business model and paves the way for this type of attack to flourish.