CryptoLocker is a ransomware virus that is designed to encrypt your data and try to sell it back to you, or else. Once your files are encrypted, there is no way to decrypt them without paying the ransom. Although Cryptolocker is a Windows malware, phishing attacks of this nature have compromised computers on other platforms, as well. Last year, 600,000 Macs worldwide fell victim to the . The Cryptolocker virus is spread through phishing email attachments or Botnets, and while easy to remove, affected files are left encrypted and unusable. The files with the following extensions are encrypted: 3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odc, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pdf, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, sr2, srf, srw, tif, wb2, wpd, wps, x3f, xlk, xls, xlsb, xlsm, and xlsx, and also files with names matchingthe patterns ????????.jpe, ????????.jpg, and img_*.jpg What to do? It is never advisable to pay the ransom, as there are no guarantees that the hackers will decrypt your files. Firstly, prevention is the best cure, and a good proactive offense is the best defense. The following steps are fairly obvious:
Do not open attachments that you weren’t expecting, or from people you don’t know well Keep your operating system and applications up-to-date with the latest patches and fixes, i.e Windows Updates, Adobe Flash, Java Keep your antivirus software current with the most recent virus definition files Run regular data backups As a compliment to the foregoing steps, ensure that: System Restore is enabled Mapped Drives are only connected when needed Whenever possible, use UNC paths (\\servername\sharename\path\filename) from the Run Command Line or Search window, to access network resources, instead of mapped drives USB external backup drives should be left disconnected when not in use Use data backup software that allows for data to be archived in file extension formats that CryptoLocker ignores (see list of targeted extensions above) File extensions view is enabled. Without that view, a downloaded file from an email or external source might appear like this example, mayreports.pdf, when thefilename is actually mayreports.pdf.exe Data backup routine is enhanced by adding Disk Imaging While no preventative measures can be fully guaranteed against CryptoLocker, data recovery is assured by following the System Restore and backup suggestions above. For more information on CryptoLocker, checkout the info page, or visit us at for further assistance.