Stop the CryptoLocker Virus from infecting your PC.
Author: Neil Patterson
2024 Expertek
Updated 6/23/2015 9:42 am
It's not very often that I am concerned about a virus or malware that is out there; however, having seen the damage that can be done, we are now offering a prevention utility that will help to stop CryptoLocker from encrypting your data files. However, please keep in mind that once your system has been compromised, there isn't much you can do. This particular virus/malware has become so bad that on 11/5/13, US-CERT released a warning about it.
How it attacks: CryptoLocker arrives appearing to be an important company-related document or form that you are required to open, fill out and return to YOUR company, such as a "Vehicle Use Authorization" or other noteworthy title, compelling one to open it. Unfortunately, this is not the PDF that you think you are opening, and the double-click action starts the exe installing their encryption engine. I've not heard whether or not a PDF comes up at this point, so it appears not to be the case. For a complete write-up on CryptoLocker, read the full disclosure at BleepingComputer.com.
This malware attacks and encrypts the following file types, by extension:
- Open Office Docs *.odt, *.ods, *.odp, *.odm, *.odc, *.odb
- Microsoft Office Docs *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst
- AutoCAD Data *.dwg, *.dxf, *.dxg
- Word Perfect Office Docs *.wpd, *.rtf, *.wb2, *.mdf, *.dbf
- Graphics data types *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw
- Web and security related files *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c
- This list may not be complete...
When it finds a file that matches one of these types, it will encrypt the file using the public encryption key and add the full path to the file and the filename as a value under the HKEY_CURRENT_USER\Software\CryptoLocker\Files Registry key. Once the PC is infected, whenever you run any .exe, the malware will attempt to delete the Shadow Volume Copies that are on the affected PC. It does this to remove your ability to restore these backed-up copies of your programs and data.
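The registry key described above doubles as an indicator of infection and as an inventory of what needs restoring from backup. The following read-only PowerShell is an added example, not part of the original tip or of CryptoPrevent; the function name and the CSV file name are hypothetical. Because the tip does not say whether the path is stored as the value name or the value data, both are reported.

```powershell
# Added example: list the entries recorded under Software\CryptoLocker\Files
# for every user hive currently loaded on this PC. Nothing is modified.
# Run from an elevated prompt to see hives belonging to other users.

function Get-CryptoLockerFileEntries {
    param(
        # Sub-path taken from the tip (relative to each user's hive)
        [string]$SubKey = 'Software\CryptoLocker\Files'
    )
    # HKEY_USERS holds one subkey per loaded profile, named by SID
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue
    foreach ($hive in $hives) {
        $keyPath = "Registry::HKEY_USERS\$($hive.PSChildName)\$SubKey"
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }

        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $key.GetValueNames()) {
            # Pull a trailing ".ext" out of the value name, if there is one
            $ext = ''
            if ($name -match '\.([^.\\/?]+)$') { $ext = $Matches[1].ToLower() }

            [pscustomobject]@{
                UserSid   = $hive.PSChildName
                ValueName = $name
                ValueData = $key.GetValue($name)
                Extension = $ext
            }
        }
    }
}

$entries = @(Get-CryptoLockerFileEntries)
if ($entries.Count -eq 0) {
    'No CryptoLocker\Files key found in any loaded user hive.'
} else {
    # Summary by file type, then a full list to work through against backups
    $entries | Group-Object Extension | Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize
    $entries | Export-Csv -Path .\cryptolocker-files.csv -NoTypeInformation
    "Wrote $($entries.Count) entries to cryptolocker-files.csv"
}
```

An empty result only means the key is absent from the hives loaded at the time; profiles of users who are not logged on are not inspected.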
New information seems to pop up daily about this particular malware, and experts are expecting a new trend.
As of 11/26, there is NO fix to get your data back, short of paying their extortion fees, which we do not endorse. Your only hope, should this virus attack your system, is to turn it off immediately, to hopefully stop the encryption process before it gets too far along OR jumps off your system onto other attached PCs. This virus is also known to attack online file storage systems such as Dropbox, where your cloud client runs as a drive letter-type connection to the files stored out in the cloud.
CryptoPrevent PRO is now (12/2014) available to the public via Expertek's Cloud Care Plus product. If you have questions about it, please email us or stop by. Keep in mind this is a PREVENTION tool; it does no good after you've been infected.
This software was written by the folks at foolishit.com, and is being distributed here, with the CCP ONLY! Please note, however, that the only free support for this product is with the CCP WARRANTY, and due to the nature of this particular virus it is limited in its scope. This protection is implemented by disabling encryption software from running or being installed on your Windows PC through the use of security policies. If you have trouble running certain encryption programs, you may allow them to run via the included Whitelist Options program: simply navigate to the executable that you wish to allow, select it and save.
The program can be easily disabled (*may require reboot), or uninstalled. Please note that uninstalling the product will remove the protections applied to your system prior to removing the software.