What is Cryptolocker Ransomware?

cryptolocker-malware-laptopCryptolocker is a well known malware (software that does harm) of a particular variety: ransomware.  Some malware (like computer viruses) delete and destroy.  The hackers that create ransomware have other motivations: money.

Ransomware

Ransomware does something to your computer, and then demands a ransom payment to get your computer back to the way it used to be.

How does a computer get infected?

Because ransomware is software, it has to be downloaded to your computer and run there.  Often it gets packed with free software such as free games (evil hackers have no problem writing a game if it helps them install ransomware on your computer).  It can also get automatically downloaded if your web browser has a security vulnerability and you visit a web page with special code to attack that vulnerability.

To keep yourself safe:

  • Don’t download free software from companies you’ve never heard of.
  • Be very careful when visiting a website you’ve never heard of.  Some of the most dangerous are those that advertise free software or movies that normally have to be paid for.
  • Use a good anti-virus program
  • Make sure your operating system (Windows) is set to automatically install updates so it can protect itself from problems that get found later.
  • Use a good Internet Browser.  Do not use Internet Explorer versions older than version 11.

What does it do?

Ransomware can do many things.  The most popular attack is to encrypt your documents, pictures, spreadsheets, and other files.  Once the files are encrypted, you can’t use them or view them — they are basically locked, which is where the term Cryptolocker comes from.  A message is shown that demands you send money electronically for the decryption key.  If you pay, the decryption key will unlock your files and you’ll be able to use them again.  The ransom can be a few hundred dollars to many thousands of dollars.

Who gets attacked?

Pretty much everyone is vulnerable to this attack.  Businesses that have networks are in particular danger because once a single computer is infected on the network, that computer will begin to encrypt any other files that it can get to on the network.  There have been some cases of hospitals, school districts and many businesses getting hit by this.

How do businesses protect themselves?

Training users to be safe using the list above is the first step.  But despite best efforts, sooner or later, someone will slip and make a mistake.  Training requires everyone to act correctly 100% of the time.  The hackers only need a person to make a mistake once.

More and more businesses are turning to software to help protect them.   Software can watch for the encrypting activities and quickly alert IT staff of the attack.  Once IT knows, they can turn off or disconnect the infected computer to protect the rest of the files on the network.  To be able to do that, software needs to be able to report which computer on the network is attacking a server.  That’s why businesses are turning to PA File Sight — it can tell you what user is accessing files, and what computer they’re doing it from.

Simple Solution

We have a few other blog articles about how our customers are using PA File Sight to protect themselves.  We invite you to take a look 🙂

 


Posted

in

, ,

by

Tags: