
Arm Yourself Against CryptoLocker Ransomware


Backing up is the best defense against ransomware

Posted: 01/24/2014

CryptoLocker is a ransomware infection that is growing in reported instances in the USA and Europe. Ransomware is malware that restricts access to infected computers and requires victims to pay a ransom in order to regain full access. CryptoLocker is particularly interesting in that it functions by encrypting the victim’s computer files with a combination of very strong encryption algorithms. Once the files are encrypted, victims are given a window of time in which they can pay the actors to receive the key needed to decrypt their files.

Prevention

The following preventative measures are recommended to protect your computer from a CryptoLocker infection:

  • Be aware of the threat and do not open suspicious e-mails or unexpected attachments.
  • Verify the identity of the sender of any attachments, whether through an informal consistency check of the e-mail address and content of the e-mail or formal communication with the sender.
  • Perform regular backups of all files to limit the impact of data and/or system loss.
  • Secure open share drives by allowing write access only to necessary user groups or authenticated users.
  • Unplug all external drives when not in use, especially backup drives.
  • Update all anti-virus programs and enable automatic updates for malware signatures and software. McAfee recognizes CryptoLocker and will nullify the files.
  • Ensure the timely updating/patching of all software by using automatic updating and/or patching.
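
One way to check the share-drive recommendation above on a Windows file server is the following audit script. It is an added example, not part of Tulane's advisory; the list of principals treated as too broad is an assumption to adjust to local policy, and it relies on the SmbShare module (Windows 8 / Server 2012 or later).

```powershell
# Added example (not from the advisory). Run in an elevated PowerShell session
# on the machine that hosts the shares.

# Assumption: write access for these principals counts as "open".
$BroadPrincipals = 'Everyone', 'ANONYMOUS LOGON', 'Guests', 'Guest'

function Test-BroadPrincipal {
    param([string]$Account)
    # Compare the account name without its DOMAIN\ or BUILTIN\ prefix.
    $leaf = ($Account -split '\\')[-1]
    return $BroadPrincipals -contains $leaf
}

# NTFS rights that let a process overwrite or add file data.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'

$shares = Get-SmbShare | Where-Object { -not $_.Special -and $_.Path }

$findings = foreach ($share in $shares) {
    # Share-level permissions: Change and Full both allow writing.
    $shareWriters = Get-SmbShareAccess -Name $share.Name | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.AccessRight -eq 'Change' -or $_.AccessRight -eq 'Full') -and
        (Test-BroadPrincipal $_.AccountName)
    }

    # NTFS permissions on the shared folder. Effective access is the more
    # restrictive of share and NTFS rights, so a share is reported only
    # when both layers let a broad principal write.
    $ntfsWriters = (Get-Acl -LiteralPath $share.Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $WriteMask) -ne 0) -and
        (Test-BroadPrincipal $_.IdentityReference.Value)
    }

    if ($shareWriters -and $ntfsWriters) {
        [pscustomobject]@{
            Share        = $share.Name
            Path         = $share.Path
            ShareWriters = ($shareWriters.AccountName | Sort-Object -Unique) -join ', '
            NtfsWriters  = ($ntfsWriters.IdentityReference.Value | Sort-Object -Unique) -join ', '
        }
    }
}

$findings | Format-Table -AutoSize
```

The script only inspects the ACL on each share's root folder; subfolders with their own explicit permissions need a separate review.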

Mitigation

If you believe your computer has been infected with the CryptoLocker virus:

  • Immediately disconnect your system from the wireless or wired network. This will prevent the virus from encrypting any more files on the network.
  • Immediately turn off any data synchronization software that automatically synchronizes your data changes with other devices or computers. Such software may be useful, but it can propagate the corrupted files, because the synchronizer will treat the newly CryptoLocker-encrypted versions as the most recent versions to back up.

Tulane University’s Information Security Office has been taking steps to reduce the exposure of the University to CryptoLocker. We continue to update our protection and are proactive in blocking CryptoLocker sources. If you suspect you have been infected with CryptoLocker, contact Tulane University’s Network Operation Center Help Desk at help@tulane.edu or (504)862-8888.

Technology Services, Tulane University, New Orleans, LA 70118 -- TSNOC: 1-866-276-1428 -- help@tulane.edu