CryptoLocker is a ransomware program, released around the beginning of September 2013, that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. CryptoLocker spreads via various phishing campaigns, including some from legitimate businesses, or through phony Federal Express or UPS tracking notifications. When a user opens such a message, CryptoLocker installs itself on the user’s system, scans the hard drive, and encrypts certain file types, such as images, documents, and spreadsheets.

When it has finished encrypting your files, it displays a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen also displays a timer stating that you have 96 hours, or 4 days, to pay the ransom; after that it will delete your encryption key and you will have no way to decrypt your files. Currently it is difficult to prevent this with antivirus alone, and after infection it cannot be cleaned up with normal tools such as Malwarebytes or your usual antivirus software.

Actions you should take if you are infected:

  1. Immediately shut down your computer and disconnect any external media
  2. Call us as soon as you can

How you can potentially avoid infection:

  1. Stay patched: Keep your operating system and software up to date.
  2. Make sure your anti-virus is active and up to date.*
  3. Avoid opening attachments you weren’t expecting, or from people you don’t know well.
  4. Make regular backups and store them somewhere safe.

*Please note: currently no antivirus will remove this, nor will you be able to decrypt the files. The only recovery at this time is to ensure you have a backup that you can access and that isn’t also encrypted.