CryptoLocker is a ransomware trojan that encrypts data files on infected computers and then demands payment from users who want to restore them.
Email is the most common way this type of virus is delivered, and the actual payload is often hidden. For example, you can get an email containing:
- An executable file, with either .EXE, .COM or .SCR extension
- A zipped file containing an executable file
- A zipped file containing an HTML or a script file
In most cases, the icon of the EXE file mimics either a PDF document or a text file in an attempt to make the potential victim think the file is harmless. Microsoft Windows, by default, hides extensions of known file types, which makes an EXE file look like a PDF document.
If the user tries to open this deceptive PDF file, the virus starts executing, first encrypting files on the network drives and then those on the local computer.
Once files are encrypted, you will see additional files in every folder that was touched by the virus.
The contents of a sample file are shown below.
How to avoid getting CryptoLocker
A good email filtering solution, such as Xeams, is key to blocking such trojans. These email filters not only guard against suspected attached executables, they also look inside a zipped file to ensure it does not contain an HTML file that would take the user to a malicious website.
Xeams can be installed in front of your existing email server, such as Microsoft Exchange, with minimal changes to the configuration of your actual mail server. It can optionally run in Firewall mode, where it monitors and filters emails coming in from the Internet and flags potentially dangerous ones.
Xeams comes built-in with several filters that can protect against emails containing malicious attachments. You can even configure it to use third-party virus detectors.
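The attachment checks described above can be sketched in a few lines of Python. This is an added example, not Xeams code: the script and decoy extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXECUTABLE = {".exe", ".com", ".scr"}              # extensions named on this page
SCRIPT_OR_HTML = {".html", ".htm", ".js", ".vbs"}  # assumed HTML/script types
DECOY = {".pdf", ".txt", ".doc", ".docx"}          # assumed: shown when Windows hides ".exe"

def ext(name):  # final extension, lowercased, ignoring trailing dots and spaces
    name = name.strip().rstrip(". ").lower()
    return "." + name.rsplit(".", 1)[1] if "." in name else ""

def check_name(name, inside_zip=False):
    """Return a reason string if the file name is risky, else None."""
    e = ext(name)
    if e in EXECUTABLE:
        stem = name.strip().rstrip(". ")[: -len(e)]
        return "disguised executable" if ext(stem) in DECOY else "executable"
    if inside_zip and e in SCRIPT_OR_HTML:
        return "HTML/script inside zip"
    return None

def scan_message(raw):
    """Return [(attachment path, reason)] for each risky attachment in raw bytes."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        names = [(name, check_name(name))]
        if zipfile.is_zipfile(io.BytesIO(data)):  # decide by content, not by name
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names += [(f"{name}!{m}", check_name(m, True)) for m in zf.namelist()]
        findings += [(path, reason) for path, reason in names if reason]
    return findings

def build_sample():  # constructed message: disguised EXE, zip with HTML, plain text
    msg = EmailMessage()
    msg.set_content("See attached.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("statement.html", "<html></html>")
    for data, fname in ((b"MZ", "invoice.pdf.exe"), (buf.getvalue(), "docs.zip"), (b"hi", "notes.txt")):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The zip check looks at the attachment's bytes rather than its name, so an archive renamed to another extension is still opened; nested archives are not unpacked in this sketch.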
Prepare before it strikes
Another tool in your arsenal should be a backup that allows you to go back a certain number of days, such as Syncrify. Many viruses are designed to stay dormant for some time, which makes it difficult to trace their source. In such cases, a file-level backup works better than a disk-image backup.
Among other features, Syncrify can keep multiple versions of your documents. This way, should you be infected with CryptoLocker, you can always restore files from a previous backup.
An interesting scenario could arise if a new backup overwrites previously backed-up data. For example, if you have a schedule to run a backup every night and the virus attacks on a weekend, it is quite possible to lose even the backed-up data. In such cases, versioning comes in handy. When restoring files, users can specify the number of days to go back. As long as you have versioning enabled, you can still restore files from a backup.
Synametrics Technologies offers two solutions to fight the CryptoLocker virus.
- Xeams – which blocks malicious emails from getting all the way to your inbox
- Syncrify – which provides a backup solution allowing you to restore your documents to a previous version.