It seems to be spreading via social media and old school email Trojans. So, it can be avoided via email by not downloading any exe files via email. And if the file name contains .zip, walk away.
Removing it is the easy part. You can remove it with the Kickstarter program of Hitman Pro, or Malwarebytes Anti-Malware in safe mode. Both of these have been proven to work with CryptoLocker. And when I say that removing it is the easy part, I am not joking. CryptoLocker encrypts your files with RSA 2048 bit encryption. This type of encryption has never been broken before and likely will not be broken for at least 10 years. So... no decryption tool can be written in the foreseeable future.
But there is a possible way to recover your files. In select versions of Windows, (Vista and 7) you can restore your files to a previous state using Shadow Explorer. Shadow Explorer is a freeware program that you can find on the internet. It does nothing but access the file restore function of Windows which is built-in to System Restore. Be careful to restore your files to a date before the event.
On Windows 8, if you do not already have File History enabled, it is too late if you are infected. File History is disabled by default, but you can enable it by following the guides that Microsoft provides for enabling it.
If you do not have System Restore or File History enabled and you are infected, there is not much you can do. If there is no system restore point, then your only viable options left are to either pay the ransom, buy a new hard drive, or restore from a backup that you would need to have ahead of time.
If given the choice, I would buy a new hard drive rather then pay the ransom. You have no idea what you are funding when you pay the people who write the ransomware. And doing this only encourages these people to keep doing what they know is working.
However, I do understand the importance of restoring your files. And depending you the variant you have and what kind of hard drive you have, it can cost more to replace the hard drive then to pay the ransom.
Offline backups are the only surefire way to get all of your files back again. If you are now planing to do that in order to prepare for if you do get infected, I recommend an external hard drive. You can find one that holds 500 GBs for somewhere in the neighborhood of $50.
Thank you for reading. I invite readers to comment with any questions or comments.
And to those of you who have read every post I have written about this, I greatly appreciate it. I hope that this series of posts has not seemed boring or annoying. I really have tried to make it all nice and informative.
Thank You.
0 comments:
Post a Comment