Viruses, diseases and bacteria evolve in our natural world, so it’s only fitting that malware, hacker scams and computer viruses evolve too. By now, you’re hopefully familiar with the Cryptolocker virus, a type of ransomware that will hold your files hostage until you pay a ransom in the form of currency and/or Bitcoins. However, the latest versions show that it has become smarter – which can be a bit scary for MSPs and IT security professionals.
How Has Cryptolocker Changed?
While the computer virus isn’t evolving on its own, hackers have adapted the scam in hopes of increasing its effectiveness.
The latest version now lets you view a list of your encrypted files and gives you the option to decrypt one of them completely free of charge. What a deal, huh?
Here’s an example of one of these scams. Notice the “One free decrypt!” button below the timer.
Why One Free Decrypt?
Cryptolocker does a very effective job at scaring you into paying the ransom. They threaten to double the cost to unlock every 24 hours, and also say that the private decryption key will delete in 30 days, creating a sense of urgency.
But who actually trusts a piece of malware to say it’ll do what it’s going to do?
Well, that’s exactly the goal of this “One Free Decrypt” option. If a user can safely decrypt one of their files, it helps them trust the program. They may say to themselves, “Hey, this program may actually give me my files back at the end of this.” Instead of risking their files being lost forever and/or the price doubling, the user may just pay the $500 ransom fee in hopes of being done with it.
I can’t stress this enough: DON’T PAY!!! No matter how many free files they give you back.
What to Do If You Are Infected
Think it can’t happen to you? It happened to the City of Detroit. Ransomware can hit anyone and it’s important to know what to do if you are infected.
I wrote a blog on this topic about a year ago and provided 4 steps to take after a Ransomware infection. These same steps still apply for the newer versions of Cryptolocker.
Here’s a quick recap from that post.
- Ignore the ransom demand - Don’t even think about paying the ransom. There’s no guarantee they’ll return your files after and it could just lead to you becoming further infected.
- Remove the Ransomware from your computer – While Cryptolocker may seem threatening, it’s just like any piece of malware. There are a number of companies and tools that specialize in removing malware. It’s wise to remove the Ransomware as soon as possible in order to minimize the risk of your device becoming further infected.
- Update your antivirus, anti-malware software and patch your OS – If you became infected, there’s a good chance it was because your protection software was out-of-date. Make sure you update immediately after an infection of any kind.
- Update your passwords – There’s no telling what sorts of info the malware program had access to while your device was infected. Changing your passwords is a good idea in order to ensure additional security moving forward.
For more info on these steps, you can check out my original blog post.
Always Backup Your Files
Another important tip to remember is to always backup your files. There’s a good chance that you will suffer some file loss and/or damage after an infection, which is why you should always have backups on an external system, either another hard drive or in the cloud – or both. If your files are taken hostage, they will be safe in another location.
I wrote another blog post about how to avoid a Cryptolocker infection, which provides some proactive measures you can take to help prevent an infection. I recommend giving that one a read as well.
Malware is constantly changing. Hackers are smart and have many strategies for infecting machines. Additionally, most of these scams try to take advantage of human error, rather than errors in security software. It’s important to stay aware of the most relevant and most common forms of malware in order to best protect yourself. Also, be sure to keep your security software and OS patches up-to-date, as those are often updated based on recent security vulnerabilities.
Lastly, if you do find yourself infected with Cryptolocker, DO NOT PAY! Follow the steps above ASAP and you should be able to get your files back with minimal damage.