Posted by 2016tnd@admin on Tuesday, September 1, 2015

How to Avoid Falling Victim to the CryptoLocker Trojan

CryptoLocker encrypts and blocks access to users’ files and then requests a ransom, with a 72-hour time limit for payment. If payment is not received within the set timeframe, the encryption key is destroyed, rendering the files unrecoverable.

CryptoLocker employs social engineering tactics to con users into executing the program. Victims receive an email with an attached ZIP file, allegedly sent by a logistics company. The virus runs when the user opens the password-protected ZIP file, using the password included within the message.


Inside the ZIP file is an executable file disguised as a PDF, and as soon as that file is executed, the Trojan becomes resident in memory and performs the following actions:


1. It saves a copy of itself to a folder on the user’s hard drive

2. It adds a registry key that ensures it is executed each time the computer boots

3. It spawns a duplicate process of itself, to protect the main process from termination


The malware then encrypts selected non-executable files on the user’s computer, and on every network drive the computer is connected to. Once all files that meet the Trojan’s conditions have been encrypted, it displays a message demanding a ransom payment.


Although CryptoLocker itself can be easily removed, the files are encrypted using a technique that is practically impossible to crack. Some victims claim that paying the ransom still didn’t result in the files being decrypted.


The success and notoriety of CryptoLocker have spawned several copycat ransomware Trojans, including CryptoWall and TorrentLocker.


To avoid exposure to these Trojans, the following precautions are recommended:


1. Never open email attachments from senders you don’t recognise.

2. Configure Windows to show file extensions – this ensures you won’t mistake executable files for PDFs.

3. Use anti-virus, anti-malware and anti-spam protection.

4. Always maintain a regular backup of your critical data.

5. If you do become infected, don’t pay the ransom, as this only encourages further attacks.
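The check behind precaution 2 can also be automated at a mail gateway. The Python sketch below is an added example, not part of the original post: it lists a ZIP attachment's entries without extracting them and flags any executable posing as a document, relying on the fact that ordinary ZIP password protection encrypts file contents but leaves file names readable. The extension lists, function names and sample archive are assumptions constructed for this example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for this example; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def classify_name(name):
    """Return the reasons a file name looks like an executable posing as a document."""
    base = PurePosixPath(name.replace("\\", "/")).name
    suffixes = [s.strip().lower() for s in PurePosixPath(base).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable-extension"]
    if any(s in DECOY_EXTS for s in suffixes[:-1]):
        reasons.append("double-extension")  # e.g. name.pdf.exe
    return reasons


def scan_zip(data):
    """List flagged entries of a ZIP attachment; no extraction or password needed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reasons = classify_name(info.filename)
            if reasons and info.flag_bits & 0x1:  # bit 0: entry is encrypted
                reasons.append("password-protected")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip(names, encrypted=False):
    """Build a constructed, harmless ZIP in memory for testing the scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample bytes, not malware")
    data = bytearray(buf.getvalue())
    pos = data.find(b"PK\x01\x02") if encrypted else -1
    while pos != -1:  # central directory header: flag word sits at offset 8
        data[pos + 8] |= 0x01
        pos = data.find(b"PK\x01\x02", pos + 4)
    return bytes(data)


if __name__ == "__main__":
    sample = build_sample_zip(["Invoice_0915.pdf.exe", "readme.txt"], encrypted=True)
    print(scan_zip(sample))
```

A gateway would quarantine any attachment for which `scan_zip` returns findings; the sample archive only sets the encryption flag and contains no encrypted data.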
