What is Cryptolocker?
We have written a few articles regarding malware (such as viruses, spyware and adware). There has been an increase in a less common form of malware called ransomware. Ransomware was not very common because the creator of the ransomware had no way of forcing the computer user to pay the ransom.
A common form of ransomware was the “FBI Virus”. It was a popup that stated the user was involved in some illegal activities. Those activities were going to be reported to the FBI unless the user paid a ransom. Often the “FBI Virus” screen would not allow the user to perform any other computer functions until the ransom was paid. While many considered this ransomware, if you brought your computer to a reputable computer repair center, they could remove it with little to no data loss or changes to your computer.
Cryptolocker is a new breed of ransomware. Once Cryptolocker infects a computer, it contacts its C&C (Command & Control) server. It generates a public/private cryptographic key pair for your specific computer, using very strong and standard RSA and AES 2048-bit encryption. The private key is stored only on the attacker’s C&C servers, but the public key is saved in a registry entry on your computer. After encrypting your files, Cryptolocker shows a screen warning you that you have 72 hours to pay either $300 or £200 in order to get your files back. This is just an example; the terms may change.
If you are infected with Cryptolocker, the first thing you should do is disconnect the infected PC from the internet. If Cryptolocker can’t access its C&C, it can’t encrypt files. Disconnecting the machine may prevent further files from being encrypted.
There are tools that may clean a Cryptolocker infection. They will not decrypt your data. Most victims are more concerned with recovering encrypted files. Unfortunately, you will not be able to crack Cryptolocker’s encryption. It uses a very strong and reliable public/private key implementation that is similar to what commercial encryption products use. It would take decades to centuries to crack today.
Rather, if Cryptolocker encrypts some of your files, you should check whether you have a backup, as that is your best chance of recovering the lost data. That said, some victims have reported some success using Windows’ built-in System Restore features to recover some lost files, too.
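Before attempting recovery with Windows’ built-in features, it helps to see which recovery points actually exist and whether they predate the infection. The script below is an added example, not part of the original article; the function name `Get-RecoveryInventory` and its `-InfectedSince` parameter are hypothetical names chosen for illustration, and it assumes an elevated Windows PowerShell 5.1 prompt on the disconnected machine.

```powershell
#Requires -RunAsAdministrator
# Added example: list System Restore points and volume shadow copies and mark
# the ones created before the suspected infection time.

function Get-RecoveryInventory {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: when the ransom screen or first encrypted file was noticed.
        [Parameter(Mandatory)]
        [datetime]$InfectedSince
    )

    $items = @()

    # System Restore points (cmdlet ships with Windows PowerShell 5.1 on client editions).
    try {
        foreach ($rp in Get-ComputerRestorePoint -ErrorAction Stop) {
            # CreationTime is a WMI (DMTF) date string and must be converted.
            $created = [System.Management.ManagementDateTimeConverter]::ToDateTime($rp.CreationTime)
            $items += [pscustomobject]@{
                Source  = 'SystemRestore'
                Created = $created
                Detail  = $rp.Description
            }
        }
    } catch {
        Write-Warning "System Restore points unavailable: $($_.Exception.Message)"
    }

    # Volume shadow copies, which hold the "Previous Versions" of files.
    try {
        foreach ($sc in Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction Stop) {
            $items += [pscustomobject]@{
                Source  = 'ShadowCopy'
                Created = $sc.InstallDate
                Detail  = $sc.VolumeName
            }
        }
    } catch {
        Write-Warning "Shadow copies unavailable: $($_.Exception.Message)"
    }

    # Only points created before the infection can contain unencrypted files.
    $items | Sort-Object Created | Select-Object Source, Created, Detail,
        @{ Name = 'PredatesInfection'; Expression = { $_.Created -lt $InfectedSince } }
}

# Constructed sample date; replace it with the time the infection was noticed.
Get-RecoveryInventory -InfectedSince (Get-Date '2021-03-16 09:00') | Format-Table -AutoSize
```

If no row shows `PredatesInfection` as `True`, Windows has nothing useful to restore from and an external backup is the remaining option.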
If your machine is infected, it is best to disconnect your computer from the internet and bring it to a reputable computer repair center for repair.
Feel free to contact us if you have any questions or comments.