Life After CryptoLocker — Is data recovery possible?

July 1, 2013

They say there’s fast, cheap, or good, and you can pick two. In September of 2013, Windows users discovered that sometimes you don’t get to choose any of those. In 2013 a ransomware trojan called CryptoLocker was distributed among a number of PC owners.

What is CryptoLocker?

CryptoLocker is a virus that disguises itself as a legitimate email attachment, which makes it hard to detect. Once it is activated, it rapidly encrypts the main body of the computer’s personal files. When it has finished encrypting them, it posts an alert informing the owner that they have 96 hours to pay a $300 ransom or lose all those encrypted files forever. Like all viruses it is difficult to manage, but this one is particularly lethal. The sizable amount of money it demands, paired with the quickly shrinking deadline, is more than most people can handle. CryptoLocker requires the $300 in Bitcoin or MoneyPak, and that makes it very hard to track or rein in.

Are There Other Options?

The question that presents itself now is: “Are there any other options?” The answer is yes, there are a few. Some are preventative measures and some are countermeasures. Typically CryptoLocker arrives in an email that looks like a shipping notification with a *.pdf or *.docx attached. Little does the user know that the attachment has a double extension, *.pdf.exe, making it an executable file. Some individuals have coded tools that stop the file before it starts encrypting. The easiest way is to stop your computer from downloading double-extension files. John Nicholas Shaw created a program, CryptoPrevent, to keep computer users from downloading and opening virus files from innocent-looking emails. CryptoPrevent has already had over 10,000 downloads. Programmers have decided that trying to crack the encryption key is nearly impossible, and that even if it were possible, a ‘brute force attack’ would take longer than the ransomers allow.
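The double-extension check described above can be applied to a message before anyone opens it. The Python example below is added here for illustration; it is not part of the original article and is not how CryptoPrevent works. The extension lists, function names and the sample shipping-notification message are all assumptions constructed for this example.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists for this example: types Windows will run, and the
# document types a lure pretends to be. Neither list is complete.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd"}
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "zip"}

def is_double_extension(filename: str) -> bool:
    """True when a name ends in <decoy>.<executable>, e.g. invoice.pdf.exe."""
    # Windows ignores trailing dots and spaces, so drop them before checking.
    name = filename.strip().rstrip(". ").lower()
    parts = name.rsplit(".", 2)
    if len(parts) < 3:
        return False  # zero or one extension only
    return parts[2] in EXECUTABLE and parts[1] in DECOY

def flag_attachments(raw_message: bytes) -> list[str]:
    """Return the names of attachments that carry a double extension."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name and is_double_extension(name):
            flagged.append(name)
    return flagged

def build_sample() -> bytes:
    """Constructed sample: a shipping notice with three dummy attachments."""
    msg = EmailMessage()
    msg["Subject"] = "Shipping notification"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Your parcel details are attached.")
    for name in ("Tracking.PDF.exe", "receipt.pdf", "label.docx.scr"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name in flag_attachments(build_sample()):
        print("blocked attachment:", name)
```

A mail gateway or client-side filter can quarantine any message for which `flag_attachments` returns a non-empty list, while a genuine `receipt.pdf` passes through.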

Another way to prevent the loss of your files is to have multiple backups of your computer. If the virus starts eating away at the files on your computer, disconnect it from the internet and shut it down. That will stop the process before it goes very far. So far there haven’t been any advances in being able to recover files already lost to the virus. Computer repair technicians have encouraged consumers to use cloud storage like Dropbox or Google Drive. Tools like these ensure that no matter what is infected and deleted on your computer you can get it back safe and sound.

Finally, the last method is to use a computer that is not susceptible to these kinds of virus attacks. Less than 1% of Macintosh computers get viruses. It has also been reported that machines running Windows 8 have not yet been affected. That doesn’t mean that they can’t or won’t; they just haven’t yet.