Cryptolocker virus: what it is and how to protect against it
The Cryptolocker Virus, a type of malware better known as ransomware, works by encrypting the files stored on a computer so that they can no longer be read. The purpose of the cyber criminals who developed it is to demand a cash ransom from victims in exchange for the key needed to decrypt their documents. It spreads in several ways; the most dangerous is a direct attack on the device.
In a direct attack, an intruder who has already taken control of the device (typically through a remote access connection) is able to switch off its security software and then plant the ransomware. This is the most dangerous scenario: the device is completely in the criminals’ hands, and they can ‘work’ on every file it holds or can reach, including any backups kept on the same machine or on storage connected to it.
Another significant method of transmission is links or attachments sent via email. In such cases, all it takes is one click on a link or one opened document, and the malware starts to encrypt every file stored on the device. A third route is infected web pages, which push the malware onto the computer of anyone who visits them. Separately, the criminals also exploit remote connections (such as remote desktop services) that are protected only by overly simple, easily guessed passwords.
Regardless of the method of infection, the damage caused is much the same and consists of:
- Encryption of files stored on the device’s hard disk. The usual targets are .DOC, .DOCX, .XLS and .XLSX files, but also PDF and JPG files;
- Encryption of files stored on any storage device connected to the computer at the time of infection;
- Encryption of all network files stored in folders shared with other devices.
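As an added illustration (not code from the article), the following Python script shows how the damage in the list above can be spotted on a shared folder from the defender’s side: it walks a directory tree, such as a mounted NAS share, and flags files of the target types whose normal file header has disappeared and whose contents have become near-random, which is what encryption by ransomware leaves behind. The extension list comes from the article; the entropy threshold, the header signatures and the sample files it builds in a temporary directory are assumptions made for this example.

```python
"""Added example (not the article's code): scan a folder tree such as a mounted
NAS share for office/PDF/image files whose contents no longer look like that file
type. A CryptoLocker-style encryptor overwrites the file body with ciphertext, so
the usual header disappears and the byte distribution becomes near-random."""
import math
import os
import random
import tempfile
from collections import Counter

# Extensions the article lists as the usual targets; the threshold is an assumption.
TARGET_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg"}
ENTROPY_THRESHOLD = 7.5          # bits per byte; plain text is ~4-5, ciphertext ~8

# Leading bytes a genuine file of each type starts with.
MAGIC = {
    ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0",   # OLE2 compound file
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",             # ZIP container
    ".pdf": b"%PDF",
    ".jpg": b"\xff\xd8\xff",
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data`; uniformly distributed bytes score 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str) -> bool:
    """True when a target-type file has lost its header *and* its body is near-random.
    Requiring both avoids flagging ZIP-based .docx or JPEG data, which is already
    high-entropy but keeps its header."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in TARGET_EXTS:
        return False
    with open(path, "rb") as fh:
        head = fh.read(64 * 1024)
    if head.startswith(MAGIC[ext]):
        return False
    return shannon_entropy(head) > ENTROPY_THRESHOLD


def scan_share(root: str) -> list:
    """Return the paths (relative to root) of files that look encrypted."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if looks_encrypted(full):
                hits.append(os.path.relpath(full, root).replace(os.sep, "/"))
    return sorted(hits)


def build_sample_share(root: str) -> None:
    """Constructed sample share: three healthy files and one encrypted victim."""
    rng = random.Random(1)                                   # deterministic "ciphertext"
    noise = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    os.makedirs(os.path.join(root, "finance"))
    samples = {
        "finance/report.pdf": b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >>\n" * 200,
        "finance/budget.xlsx": b"PK\x03\x04" + noise(4096),  # compressed, but intact
        "finance/notes.txt": noise(4096),                    # not a target type
        "finance/contract.docx": noise(4096),                # header gone: encrypted
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)


def demo() -> list:
    """Build the sample share in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_share(root)
        return scan_share(root)


if __name__ == "__main__":
    print(demo())   # ['finance/contract.docx']
```

Run the scan periodically against the share from a machine other than the workstations that write to it: a sudden burst of hits in one user’s folders is the early sign that one of those workstations is encrypting the share.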
What you should know in order to protect yourself
In order to defend against the Cryptolocker Virus, it helps to know how it works: each encrypted file is rewritten as ciphertext under a key that is different for every infected device. That key is secret and is held on the criminals’ servers, not on the infected computer, so the files cannot be recovered by examining the machine itself. A backup kept disconnected from the computer is the only reliable way to get the files back.
Rebooting the computer does not help. Each time it starts, the malware runs again and carries on encrypting. If you notice that your laptop has been infected, it is better to leave it switched off. If you work with files shared on a NAS, disconnect the infected device from the network at once, so that the encryption does not spread to the shared folders and to the other devices that use them.
In order to protect yourself, it is essential to check carefully who sent each email you receive. A lot of infected messages come from the real accounts of people we know. One example was the theft of address lists from Libero Mail, by malware that mailed itself to the contacts in a huge number of users’ personal address books. If you are in any doubt about a message from a familiar address, the best thing is to check with the sender straight away, by another channel, to find out whether they really sent it.
If a suspicious email contains a link, do not click on it, at least not straight away. First check where it really leads: hover over it to see the actual address, look for strange or look-alike characters in the domain, and check the domain ending (the part after the last dot). Check the spelling of the message as well. Emails carrying Cryptolocker can often be identified by spelling errors in the text, caused by the criminals’ use of crude automatic translation.
In addition, infected emails almost always carry an attachment. If you are in any doubt about it, do not open it. This sensible rule applies even when the sender appears to be someone you know or trust, such as your own bank.
Very often, in fact, the emails that deliver Cryptolocker imitate the tone of voice and graphics of well-known companies very closely, but still contain errors in the text and inconsistencies in the domain: these are the signals that should set off alarm bells and make you delete the message.
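The checks in the last few paragraphs (sender, link, domain ending, attachment) can be automated. The script below is an added example and not code from the article: it parses a raw email and reports a display name that is itself an address at a different domain, a Reply-To at another domain, a link whose visible text names one host while the href points to another, look-alike (non-ASCII or punycode) characters in the link host, a link host outside the expected domain, and attachments with double or risky extensions. The expected domain example.com, the risky-extension list and the sample message are constructed for this example; the domains in the sample are not real.

```python
"""Added example: triage a raw e-mail for the warning signs the article lists.
The sample message, the expected domain and the extension list are assumptions."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

EXPECTED_DOMAIN = "example.com"                                # assumption: our real domain
RISKY_EXTS = {".exe", ".scr", ".js", ".vbs", ".zip", ".rar"}   # assumption


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL; bare text such as 'www.example.com/x' gets a scheme first."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()


def triage(raw: bytes) -> list:
    """Return (check, detail) findings for a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    # A display name that is itself an address at another domain is a classic trick.
    if "@" in name and domain_of(name) != domain_of(addr):
        findings.append(("display-name-mismatch", f"{name} vs {addr}"))
    if not in_domain(domain_of(addr), EXPECTED_DOMAIN):
        findings.append(("sender-unexpected-domain", domain_of(addr)))
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if reply and domain_of(reply) != domain_of(addr):
        findings.append(("reply-to-mismatch", reply))
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links = LinkCollector()
            links.feed(part.get_content())
            for href, text in links.links:
                host = host_of(href)
                if "." in text and host_of(text) != host:       # text names one host, link goes elsewhere
                    findings.append(("link-text-mismatch", f"{text} -> {href}"))
                if "xn--" in host or any(ord(c) > 127 for c in host):   # look-alike characters
                    findings.append(("link-homograph", host))
                if not in_domain(host, EXPECTED_DOMAIN):                 # wrong domain ending
                    findings.append(("link-unexpected-domain", host))
        filename = part.get_filename()
        if filename:
            pieces = filename.lower().split(".")
            if len(pieces) > 2:                                   # e.g. invoice.pdf.exe
                findings.append(("attachment-double-extension", filename))
            if len(pieces) > 1 and "." + pieces[-1] in RISKY_EXTS:
                findings.append(("attachment-risky-type", filename))
    return findings


# Constructed sample (not a real phishing mail). The Cyrillic "a" in the href is
# written as the HTML entity &#1072;, which the HTML parser decodes.
SAMPLE_RAW = b"""From: "security@example.com" <alerts@mail-examp1e.net>
Reply-To: helpdesk@examp1e-support.net
To: user@example.com
Subject: Your account will be suspended
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body><p>Dear costumer, confirm you're identity at
<a href="http://www.ex&#1072;mple.com/login">www.example.com/login</a>.</p></body></html>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

UEsDBAo=
--b1--
"""

if __name__ == "__main__":
    for check, detail in triage(SAMPLE_RAW):
        print(f"{check:28} {detail}")
```

The sample trips every check at once, which real messages rarely do; in practice one finding from the link or attachment checks is already enough reason to delete the message rather than open it.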
Translated by Joanne Beckwith