How to Deal with the Ransomware Called CryptoLocker

toggle-button
 
One of the worst threats from malware infections these days is “ransomware” (described in a previous tip ) and something called CryptoLocker is one of the most prevalent examples of ransomware. Everyone should be on guard against this pernicious malware. A valuable resource for dealing with CryptoLocker is the extensive guide put together by BleepingComputer at this link.
 
 Here is the Table of Contents:
  1. The purpose of this guide
  2. What is CryptoLocker
  3. Known file paths and registry keys used by CryptoLocker
  4. What should you do when you discover your computer is infected with CryptoLocker?
  5. Is it possible to decrypt files encrypted by CryptoLocker?
  6. Will paying the ransom actually decrypt your files?
  7. How do you become infected with CryptoLocker
  8. Known Bitcoin Payment addresses for CryptoLocker
  9. CryptoLocker and Network Shares
  10. What to do if your anti-virus software deleted the infection files and you want to pay the ransom!
  11. How to increase the time you have to pay the ransom
  12. Messages from the ransomware author and information about the CryptoLocker Decryption Service
  13. How to restore files encrypted by CryptoLocker using Shadow Volume Copies
  14. How to restore files that have been encrypted on DropBox folders
  15. How to find files that have been encrypted by CryptoLocker
  16. How to determine which computer is infected with CryptoLocker on a network
  17. How to prevent your computer from becoming infected by CryptoLocker
  18. How to allow specific applications to run when using Software Restriction Policies
  19. How to be notified by email when a Software Restriction Policy is triggered
  20. CryptoLocker 2.0: New version or Copycat?
  21. CryptoLocker Timeline
 
Please note that BleepingComputer makes the following comment:

“There is a lot of incorrect and dangerous information floating around about CryptoLocker. As BleepingComputer.com was one of the first support sites to try helping users who are infected with this infection, I thought it would be better to post all the known information about this infection in one place. This guide, or Frequently Asked Questions, will unfortunately not help you decrypt your files as there is no way to do so. Instead, this FAQ will give you all the information you need to understand the infection and possibly restore your files via other methods.

In many ways this guide feels like a support topic on how to pay the ransom, which sickens me. Unfortunately, this infection is devious and many people have no choice but to pay the ransom in order to get their files back. I apologize in advance if this is seen as helping the developers, when in fact my goal is to help the infected users with whatever they decide to do.”

Get your own favorite tip published! Know a neat tech tip or trick? Then why not have it published here and receive full credit? Click here to tell us your tip.

This tips section is maintained by Vic Laurie. Vic runs several websites with Windows how-to's, guides, and tutorials, including a site for learning about Windows and the Internet and another with Windows 7 tips.

Click here for more items like this. Better still, get Tech Tips delivered via your RSS feeder or alternatively, have the RSS feed sent as email direct to your in-box.

Please rate this article: 

Your rating: None
4.3
Average: 4.3 (10 votes)

Comments

Just 3 words: Sandboxie, Sandboxie, SandBoxie. (or another form of virtualization).

In November 2013 there was an article and a long thread about this...

As a result, I have been using CryptoPrevent from FoolishIT; I believe Nick, the developer, participated in that thread.

I have been pretty satisfied with it, it works, set it and forget it.

Lately, though, the administration of CryptoPrevent has become burdensome, at least on my machine.

CryptoPrevent has a manual update for non-premium users, it was simple, just click on the update link and it would go; it won't do this anymore, at least for me.

I now have to uninstall and reinstall, with multiple reboots. It works fine this way, just a tedious process.

I also realized that it has blocked all other software upgrades in the past couple versions.

I only figured it out by process of elimination.

I couldn't install Firefox 30, new versions of Flash and Reader, nor the new versions of Sandboxie and Winpatrol, couldn't install anything.

I now have to turn off the protection, reboot, download the new version of say Firefox, reapply the Crypto protection and reboot.

Again, a tedious process.

There are a couple whitelist options, one for .exe files already in blocked locations, and an advanced whitelist function with a multitude of options.

The whitelisting in CryptoPrevent seems counterintuitive to me, so I haven't done any whitelisting.

I trust the software, I trust Nick - his software also prevents other malware from getting in, this is another major reason I like what he developed.

The inability to download and install new software is problematic, the upgrade for CryptoPrevent itself, not so much, I can live with it.

For those who just want a quick way to protect against CryptoLocker, CryptoDefense and other ransomware, Surfright's HitmanPro.Alert is free and effective protection. (As far as I can see, it's mentioned only very briefly over at bleepingcomputer).

Note - it does NOT get rid of the infection (I've used Malwarebytes AntiMalware for that) - but it does stop the encryption.

It can be found at http://www.surfright.nl/en/cryptoguard

The table of contents above doesn't correspond with the one on bleepingcomputer.com - the one above omits the correct part 1. ("The purpose of this guide").

Thanks for pointing out the omission.