CryptoLocker: Avoid the Malware Trojan


Reviewing and maintaining the security of your systems including your anti-virus protection should be high on the list of priorities of any company – large or small. Often though, it takes the news of a business struggling to cope with the impact of a particularly nasty bit of malware to really focus the mind.

The latest doing the rounds is the malware Trojan, CryptoLocker (also known as Troj/Ransom-ACP) which has just hit a colleague’s business and left them with no access to any of their data. It’s all gone with no hope of retrieving it.

CryptoLocker will seek out every piece of data on an infected machine and encrypt it so that it is unusable and, as the John Hurt voice-over once said, there is no known cure. Once it has infected your machine it will display a page that demands $300/300 Euros to obtain the decryption key.

According to my contact’s IT Consultant, so far, no-one who has attempted to pay the “ransom” has received the decryption key and many have had their credit card details subsequently stolen. Unfortunately the company in question had not run a data backup for several months so there is no possibility of a roll-back.

According to Sophos, this type of malware Trojan is not new and was spread on the back of the AIDS information campaign in the late '80s. Then it was distributed on a floppy disk in a postal campaign claiming to offer recipients important information on HIV.

Fortunately, because the encryption of the '80s variant was relatively simplistic, clean-up tools became readily available quite quickly. What makes CryptoLocker much worse (besides its improved distribution via email) is that its encryption is “by the book” according to Sophos – there is no way to decrypt your data once infected and Sophos has yet to find a back-door to break the encryption.

What should you do today?

  • Get your IT staff to review your systems security and make sure your company’s anti-virus protection is up-to-date. Also get them to scan for botnets – malware that might already be on your PCs and could be used to deliver CryptoLocker.
  • Remind your employees to be careful about opening emails and visiting websites if they have even the slightest doubt as to their origin.
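The company in the story had no roll-back because its last backup was months old. A small check that turns that lesson into something your IT staff can run on a schedule is shown below; it is an added example, not code from this post or from Sophos. It assumes that whoever takes the backups records a SHA-256 digest of each archive in a manifest at backup time (so a backup that has since been overwritten, including by a later infection, can be recognised as unusable), and the seven-day limit and the sample snapshots are constructed figures, not a recommendation from the post.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Snapshot:
    """One backup archive as recorded in the backup manifest (assumed layout)."""
    name: str
    taken: datetime          # when the backup was made
    content: bytes           # stand-in for the archive bytes on the backup medium
    recorded_sha256: str     # digest written to the manifest at backup time


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_backups(snapshots, now, max_age):
    """Return (ok, findings).

    ok is True only when there is at least one backup, the newest one is no
    older than max_age, and every archive still matches its manifest digest.
    Each failed condition produces a human-readable finding.
    """
    findings = []
    if not snapshots:
        return False, ["no backups found; a roll-back is impossible"]

    newest = max(snapshots, key=lambda s: s.taken)
    age = now - newest.taken
    if age > max_age:
        findings.append(
            f"newest backup {newest.name} is {age.days} days old "
            f"(limit {max_age.days} days)"
        )

    # An archive whose bytes no longer match the manifest cannot be trusted
    # for a restore, whatever the cause of the change.
    for snap in snapshots:
        if sha256(snap.content) != snap.recorded_sha256:
            findings.append(
                f"{snap.name} does not match its manifest digest; treat as unusable"
            )

    return (not findings), findings


def sample_cases():
    """Four constructed scenarios, keyed by name, each mapped to (ok, findings)."""
    now = datetime(2013, 10, 15)       # constructed reference time
    limit = timedelta(days=7)          # constructed policy: a backup at least weekly
    archive = b"constructed stand-in for a backup archive"
    digest = sha256(archive)
    fresh = datetime(2013, 10, 14)

    return {
        # last backup taken months ago, like the company in the post
        "stale": check_backups(
            [Snapshot("full-2013-07-01", datetime(2013, 7, 1), archive, digest)],
            now, limit),
        # recent backup whose bytes still match the manifest
        "healthy": check_backups(
            [Snapshot("full-2013-10-14", fresh, archive, digest)], now, limit),
        # recent backup whose bytes were changed after the manifest was written
        "corrupted": check_backups(
            [Snapshot("full-2013-10-14", fresh, b"\x00" + archive[1:], digest)],
            now, limit),
        # no backups at all
        "none": check_backups([], now, limit),
    }


if __name__ == "__main__":
    for name, (ok, findings) in sample_cases().items():
        print(f"{name}: {'OK' if ok else 'FAIL'}")
        for line in findings:
            print(f"  - {line}")
```

Run against a real manifest, the same two questions apply: is the newest backup recent enough to make a roll-back worthwhile, and does every archive still match the digest taken when it was written? A backup that fails either test is no better than the missing one in the story.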
