CryptoLocker Virus

This CryptoLocker virus has gained some steam and does not seem to be going away anytime soon.  The reason it's not going away and being adapted is the incentive the virus maker has; money.  

Bottom line:

Have backups that are offline and recent or you may be left with no data.  If your backup drive is plugged in, it also may become lost.

What does the virus do?

A compromised system's (server or desktop) files are encrypted by the virus and become inaccessible.  The 'key' to unlock the files is held by the malware server.  If you do not have a clean backup, then your only option is to pay the ransom and hope the server has not been taken offline by law enforcement.  If the server is online- it may take a few hours to a few days to obtain the unlock key.  If the malware server is offline and unable to deliver the unlock encryption 'key', you're out of luck.  Lost money, lost data.  

Can I break the encryption?  

As of right now, it's not practical to try.  Any type of 'cracking' typically ends up being something that takes time and lots of processing power.  Weeks, months, maybe longer.  Any living data would quickly become unusable as time passes.  If it's a business- you're losing money every minute your data is not available.

How to recover?  Paying the ransom might work.  Nobody wants to pay the bad guys. Prevention is the only real answer.  Knowing your security is up to date and your backups are working properly is the most valuable peace of mind.  

Have more questions?  Don't hesitate to contact us.