CryptoLocker demands $300 ransom to get your files back

For the past couple of months a new, particularly nasty Trojan infection has been spreading via email.  If you become infected, a message will pop up on your screen saying that your files have been encrypted and that you must pay $300 within 72 hours.  If you do not pay within this period, the encryption key will be deleted from the criminal server and you will never get your files back.  The screen you will see will be similar to this:


If this occurs on your computer, disconnect any backup drives you have and any other networked PCs to prevent them from being encrypted as well.

I have seen one case of this so far. A small business had all of the files on one computer encrypted. Four years' work with no backup. They decided not to pay. After all, paying up only encourages the criminals, and reports say that even if you do pay, you cannot be certain that your files will be decrypted. It appears that there is nothing you can do other than to remove the Trojan that initially infected the computer and caused the problem. Removing the Trojan does not decrypt the files.

The most likely way to get this infection is via email.  The business I mentioned received an email saying that it was from the delivery service UPS.  Unfortunately, as the business gets a large number of deliveries they didn’t think that it would be a phishing email.  And yes, it got around their old version of the free AVG antivirus.  An up-to-date security program might have protected them.

So, things for you to do and be aware of:

  1. Be very careful of emails, especially if you are not sure who they have come from and especially if they have attachments or web links.
  2. Make sure that you have a recent security program and that it has been kept up-to-date.
  3. Allow Windows updates to install as soon as they arrive.  Also, check whether the programs you use have any available updates.
  4. Keep your data backed up regularly.

If you want to read more about this infection, here are a few links:  link 1   link 2   link 3   link 4