Dealing with cryptolocker, Locky and other ransomware

The following is a short guide to help understand, avoid and attempt to recover files that have been damaged by ransomware. Variants of ransomware include Cryptolocker, Locky, Xorist, CryptorBit and Cryptodefence.

Ransomware Viruses are used as a way to extort money out of a person or company by encrypting and locking all of your PC or network files.  The malicious software then places internet links or text files on your PC with instructions on how to pay the ransom (most usually in the currency bitcoin)  It is a nasty strain of virus and can make its way into your network by seemingly legitimate means.

How does Cryptolocker get in to my network?

  • Emails from legitimate looking businesses containing attachments or links
  • Emails from known contacts that have been compromised by a virus
  • Downloaded from a malicious website
  • Security exploits and remote access via password spamming

By understanding the viruses entry methods we can begin to formulate a prevention strategy.

  • Education is key.  let your staff, family and friends know about the dangers of cryptolocker and what to avoid.  This is the most important thing.  please refer to the PSA at the bottom of this post.
  • Quality passwords. especially on PC’s and servers with remote access enabled. something with at least 7 digits with uppercase lowercase and symbols.
  • Constant rotating backups.  Cryptolocker can damage your backups when connected to an infected server or PC.   Multiple backups and offsite backups can make things much less stressful in the case of a ransomware attack

“I don’t care about prevention.  I have been infected and I need a way to recover my files.”

OK. prevention is great in hindsight but if you have been infected you have a few options.

  • Recover from the most recent backup you have.

Fantastic plan if you have a recent backup.  Recover and overwrite all of your encrypted files.  You win, they lose. not helpful at all if you either don’t have a current backup.

  • Cut your losses and start from scratch

Cryptolocker and other ransomware keys are amazingly complex and only a couple of the many variants have ever been decoded.  since this the encryption method has become much more advanced and complicated to unlock.  There may be a solution in the future but it is highly likely that the files will never be decrypted.

  • Pay your ransom

A lot of people ask whether they should consider paying their ransom.   Noone likes giving money to criminals but if is your only source of recovery and is the difference between losing every file you own the method must be considered.  Ransoms usually range between 500 US and 2000 US and are paid in the bitcoin currency.  Even if you have decided to pay you still face a small ordeal consisting of the following.

Sometimes the latest anti virus and the best network hardware and security settings can not help you. When you or an employee receives a legitimate looking email from a legitimate email address it is only education that can prevent Cryptolocker. Refer to our  post How to protect your PC from ransomware

Leet IT Provides network and computer support in Newcastle and the hunter Valley. If you require more information you can Contact Us






0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *