The Million Dollar Question: How Do I Remove CryptoLocker?

by | Oct 24, 2016

How To Remove CryptoLocker And Similar Forms Of Ransomware

CryptoLocker first appeared in the wild in late 2013, and has grown since then to become one of the world’s most persistent malware threats. Specifically, CryptoLocker is “ransomware”; once it is active, it targets certain types of commonly-used file extensions, such as documents and spreadsheets. CryptoLocker will connect with a remote server to encrypt these files with a password unknown to the victim. A message is then sent to the victim, demanding a certain amount of money in return for the password to restore access to the files. This has left IT executives around the world wondering is there a way to remove CryptoLocker?

Before a year had passed since it was first seen, CryptoLocker had infected half a million PCs worldwide. It is estimated to have infected multiple millions at this point. Variants of the original CryptoLocker that do the same thing have also become widespread, with two of the more commonly seen variants being Locky and CryptoWall. The original CryptoLocker is estimated to have racked up about $3 million in total ransom payments, with modernized variants of it adding tens of millions in additional payments.

Who Does CryptoLocker Infect?

The original version of CryptoLocker exclusively targets PC running Windows, as do just about all of its variants. In theory, ransomware fitting this profile can attack any version of Windows.

There is no known version of CryptoLocker for Macintosh computers, but there is a similar form of ransomware called OSX/Keranger that began appearing in early 2016.

CryptoLocker and its variants are most commonly installed by mass emails. They either target users who have their email clients set to open or run email attachments automatically, or they pose as a legitimate business or contact and attempt to get the victim to visit a URL which then forces the ransomware on the computer.

What Happens When You Are Infected? How do you remove CryptoLocker?

CryptoLocker hackers are surprisingly customer service oriented. Their modus operandi is to infect as many people as possible and convert as many of those as they can to payments, so they will generally ask for an amount they feel most people can afford without seriously considering replacing their computer — usually in the neighborhood of $500 or so, though they may try to extract as much as $10,000 if they find they are dealing with an organization that they believe to be well-funded.

They generally provide a message with detailed instructions informing you of the encryption, and will often provide a URL to decrypt one file for free to verify that it will work for the others. Some even provide “trouble ticket” systems and FAQ pages as if you were shopping at an online store! They almost always keep their word and pass along the encryption key once the ransom is paid, in a bid to ensure their future “customers” are willing to pay.

YOU MIGHT ALSO LIKE:  The 9-Point Checklist for Disaster Recovery Plans

Given all this, in late 2015 the FBI issued a statement advising those infected with most forms of ransomware to simply pay the ransom if they could afford it. These criminals are generally untraceable and well beyond prosecution in another country, and breaking the encryption is next to impossible if that particular form of ransomware has not been decoded by security professionals. However, they do also ask that victims contact them about it even if they decide to pay the ransom.

An Ounce Of Prevention Is Worth A Pound Of Cure

A data recovery specialist may be able to remove CryptoLocker or a variant form of ransomware, but it’s an expensive process and there’s often no guarantee of success. That’s why the authorities tend to suggest just paying the ransom, as it really is the most feasible way of restoring access.

The trick to beating ransomware is to not allow it to reach you in the first place, and to have a robust and continually updated backup system on hand if it does. Of these two measures, the backup system is the most important, as that ensures you can simply restore your files to their original state on your own if you’re hit.

We offer solutions that combine both of these preventive strategies, giving you ongoing backups of all your critical files plus monitoring by security professionals. Contact us to learn more.

Dale Shulmistra is a Business Continuity Specialist at Invenio IT, responsible for shaping the company’s technology initiatives -- selecting, designing, implementing & supporting business continuity solutions to bolster client operational efficiencies and eliminate downtime.

subscribe

Business Continuity Newsletter

Join over 17,000 subscribers and receive weekly business continuity news, tips & advice to protect your business.

You have Successfully Subscribed!