Posted by 2016tnd@admin on Tuesday, September 1, 2015

How to Avoid Falling Victim to the CryptoLocker Trojan

CryptoLocker encrypts and blocks access to users’ files and then requests a ransom, with a 72-hour time limit for payment. If payment is not received within the set timeframe, the encryption key is destroyed, rendering the files unrecoverable.

CryptoLocker employs social engineering tactics to con users into executing the program. Victims receive an email with an attached ZIP file, allegedly sent by a logistics company. The virus runs when the user opens the password-protected ZIP file, using the password included within the message.


Inside the ZIP file is an executable file disguised as a PDF, and as soon as that file is executed, the Trojan becomes resident in memory and performs the following actions:


1. It saves a copy of itself to a folder on the user’s hard drive.

2. It adds a registry key that ensures it is executed each time the computer boots.

3. It spawns a duplicate process of itself, to protect the main process from termination.


The malware then encrypts selected non-executable files on the user’s computer, and on every network drive the computer is connected to. Once all files that meet the Trojan’s conditions have been encrypted, it displays a message demanding a ransom payment.


Although CryptoLocker itself can be easily removed, the files are encrypted using a technique that is practically impossible to crack. Some victims claim that paying the ransom still didn’t result in the files being decrypted.


The success and notoriety of CryptoLocker have spawned several copycat ransomware Trojans, including CryptoWall and TorrentLocker.


To avoid exposure to these Trojans, the following precautions are recommended:


1. Never open attachments in emails from senders you don’t recognise.

2. Configure Windows to show file extensions – this ensures you won’t mistake executable files for PDFs.

3. Use anti-virus, anti-malware and anti-spam protection.

4. Always maintain a regular backup of your critical data.

5. If you do become infected, don’t pay the ransom, as this only encourages further attacks.
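
The delivery method described above, a password-protected ZIP holding an executable named to look like a PDF, can be screened for before anyone opens the attachment. The following is an added example, not part of the original post: a Python check that lists a ZIP's member names without the password and flags executable names, including decoy double extensions. The extension lists, function names and sample file names are assumptions made for the illustration.

```python
import io
import zipfile

# Illustrative extension lists (assumptions for this example, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}


def inspect_zip(data: bytes) -> list:
    """Flag members whose names end in an executable extension.
    Reads only the central directory, where names stay in clear text under
    traditional ZIP password protection; nothing is extracted or run."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()
            stem, dot, ext = base.rpartition(".")
            if not dot or ext not in EXECUTABLE_EXTS:
                continue
            # Decoy extension before the real one ("x.pdf.exe", "x.pdf   .exe")
            # reads as a PDF when Windows hides known extensions.
            _, inner_dot, inner = stem.rstrip().rpartition(".")
            findings.append({
                "name": info.filename,
                "disguised": bool(inner_dot) and inner in DECOY_EXTS,
                "encrypted": bool(info.flag_bits & 0x1),  # flag bit 0
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample archive; the .exe entry holds placeholder text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Tracking_Notice.pdf.exe", b"placeholder, not a program")
        zf.writestr("readme.txt", b"constructed sample")
    data = bytearray(buf.getvalue())
    # zipfile cannot write password-protected members, so imitate one by setting
    # the encrypted bit (offset 8 of each central directory header) by hand.
    pos = data.find(b"PK\x01\x02")
    while pos != -1:
        data[pos + 8] |= 0x01
        pos = data.find(b"PK\x01\x02", pos + 4)
    return bytes(data)


if __name__ == "__main__":
    print(inspect_zip(build_sample()))
```

An attachment reported as both `encrypted` and `disguised` matches the pattern in this article and is a reasonable candidate for quarantine at the mail gateway.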
