
If your business runs on Windows computers, be on the lookout. Cybercriminals created malicious software called CryptoLocker, which attacks your computer, encrypts your data, and then demands a ransom. You then have 72 hours to pay a ransom of at least $200 in bitcoins. If you do not pay on time, the price can go up to $2,000. The alternative is to not pay and lose your data forever, which is not an option if CryptoLocker encrypted files critical to operating your business, such as legal documents, payroll forms, and customer information.

How does CryptoLocker attack computers?

CryptoLocker attacks devices through phony FedEx and UPS tracking notices containing malicious attachments. When the recipient opens the email attachment, the malware will install on network drives, external hard drives, network file shares, and even cloud storage files. From there, the CryptoLocker malware will scan and encrypt documents, photos, music, and video files. Then, the victims will see a popup window notifying them that CryptoLocker encrypted the files, and they have 72 hours to pay the ransom, or the malware will delete the key that will decrypt all their device files.

How can you protect against CryptoLocker attacks?

  • Do not open attachments from an unknown sender. If you need to view an attachment from a known sender, save the files to disk before opening them.
  • Use email filtering software, such as Proofpoint. This type of software will scan for malware, including CryptoLocker, and then filter the bad emails out of your inbox.
  • Back up your important files to DVD, hard drive, and an offsite location, such as the cloud. Keep in mind if you are backing files up to the cloud, do not synchronize your files automatically, or else the process might replace the files with CryptoLocker-infected versions.
  • Disconnect your backup from your computing device until the next time you need it.
  • Have your IT provider enforce an email group policy preventing people from opening executable files, such as zip files. However, some cybercriminals are getting around this obstacle by password-protecting zip files.
  • Keep your antivirus and anti-malware software updated. Each update provides patches for detecting the latest virus and malware attacks available.
  • Use a next-generation firewall with an intrusion prevention system, such as SonicWALL. A traditional firewall involves keeping cybercriminals out of your networks. The next-generation firewall takes the traditional method a step further and incorporates anti-malware protection, plus user authentication, URL filtering, and application-level security.
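The attachment rule in the list above, including its caveat about password-protected zip files, can be checked mechanically at the mail gateway. The following is an added example, not code from the original article: the function names and the extension block list are assumptions, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list for illustration; extend it to match your mail policy.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def inspect_zip(data: bytes) -> list[str]:
    """Return reasons to quarantine a zip attachment (empty list: none found)."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["unreadable archive"]
    reasons = []
    for info in archive.infolist():
        # Bit 0 of the zip general-purpose flags marks an encrypted entry.
        if info.flag_bits & 0x1:
            reasons.append(f"password-protected entry: {info.filename}")
        # endswith() also catches double extensions such as "notice.pdf.exe".
        if info.filename.lower().endswith(EXECUTABLE_EXTS):
            reasons.append(f"executable entry: {info.filename}")
    return reasons

def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Map each suspicious attachment name to the reasons it was flagged."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if name.lower().endswith(EXECUTABLE_EXTS):
            findings[name] = ["executable attachment"]
        elif name.lower().endswith(".zip"):
            reasons = inspect_zip(part.get_payload(decode=True))
            if reasons:
                findings[name] = reasons
    return findings

def constructed_sample() -> bytes:
    """Constructed test message: a fake tracking notice with a zipped .exe name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("FedEx_tracking.pdf.exe", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["Subject"] = "Tracking notice (constructed sample)"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="tracking_notice.zip")
    return msg.as_bytes()
```

Calling `scan_message(constructed_sample())` returns the flagged attachment with its reasons; an encrypted archive is flagged even though its contents cannot be scanned, which is the gap the password-protected zip trick relies on.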

The CryptoLocker ransomware encrypted my computer files. What should I do?

Unfortunately, there is no software available to decrypt files infected with CryptoLocker yet. Plus, the authorities do not have a way to track down these criminals, since the crooks frequently change their servers and accept a global currency as payment. Here is how to respond to a CryptoLocker attack:

  • Disconnect your corrupted device from the network and turn it off immediately. This will prevent other files and devices from infection.
  • If you have any recent backups, you can recover from the CryptoLocker malware much less painfully. Use your antivirus software to clean out the malware, then copy the backed-up files to your hard drive.
  • If you do not have your files backed up, try using Windows System Restore. This feature will return your system files and settings to an earlier point in time.
  • Do not pay the ransom unless you have no way to recover your files. By paying the cybercriminals for their devious acts, victims are reluctantly encouraging a criminal operation to continue.
  • If you need the encrypted files and are willing to pay the ransom, do not clear out the CryptoLocker malware yet. You will need the infection to stay on the computer for the decryption key to work. Some bold CryptoLocker criminals have customer service sites set up to help people pay the 2-bitcoin ransom. If you miss the deadline, the ransom will increase to 10 bitcoins (equivalent to $2,000). In general, victims stated paying the ransom is effective in getting their files decrypted, especially since the criminals do not want to leave money on the table.

The best method of fighting CryptoLocker is prevention. SwiftTech Solutions, a managed IT services provider, can analyze your IT systems and set up a network and computer security plan for your business so you can protect your critical business data. If you are interested in these services, call 877-794-3811 or email for a free consultation.
