These viruses are incredibly nasty, and it seems that most antivirus applications cannot stop them, or simply cannot keep up with the increasing number of variants of the virus. Given the money that antivirus companies charge for their applications, I'm not sure why they still seem unable to combat them, and find it frustrating that they don't.
So how do you get infected with a cryptolocker/ransomeware virus? In most cases users are tricked into running an application that contains the malicious code that encrypts your files. The application is normally sent as an attachment, or link/URL pointing to the application that is cleverly disguised as something else.
Some of the emails I've seen are from Australia Post, advising of a missed parcel delivery. From AGL sending you a link to your latest "Electricity Bill", or the Australian Federal Police with a link to a supposed speeding fine. Of course the best defense to these sorts of things is vigilance and common sense, and simply not opening these emails. Scrutinise everything is my best tip. There are normally a few things you can check/test if you're unsure about the legitimacy of an email you've received;
1. Emails sent from large companies like Australia Post, or AGL, will have a "From" address that contains their business name (eg. notifications@australiapost.com.au, or billing @agl.com.au). These cryptolocker emails will not have these full email addresses (see example below)
2. As I mentioned, common sense also plays a big part. Were/are you expecting a parcel/delivery from Australia Post? In Australia, speeding fines aren't issued via email, and they certainly aren't issued by the Australian Federal Police. And is AGL even your electricity provider? If you're not sure, you can always call these companies directly to check. A single phone call could save you alot of time, money and heart ache.
3. The emails will often have spelling or grammar mistakes which is a sure sign they are not legitimate.
If you do get infected with one of these encrytion viruses, in my experience it is unlikely (though not impossible) that you'll be able to get your files back, unless you are able to restore from a backup. Chances are by the time you realise you've been infected, all the files on your computer will be encrypted and no longer accessible.
You can quickly tell because the extension of the encrypted files will change to .encryted or .enc. A popup message will usually appear as well advising you that your files have been encrypted, and will provide a link/instructions on how to decrypt your files (via payment to the virus creator). The virus will scan all the files/folders on your computer, as well as any network/shared drives you have access to and encrypt all files it can find.
Decrypting your files
The following link contains some information/applications you can use to check if your encrypt files are recoverable. As previously stated, there are a large number of "variants" of the cryptolocker virus, some of which are able to be "cracked" using a special utility. You will need a copy of an encrypted file, and the unencrypted version of the same file in order for the process to complete. You can upload a sample and locate recovery tools (if available) from the below website:
https://id-ransomware.malwarehunterteam.com/identify.php
You can also follow this next link which has a full, detailed guide on removing cryptolocker, or other ransomware/malware from your computer if you do get infected. (Note that removing the virus/infection will not unencrypt or recover your files.)
https://malwaretips.com/blogs/malware-removal-guide-for-windows/
Backup Strategies
In my next blog post I will be outlining a free and easy way to implement a backup solution on your home laptop/PC. With the low cost of removable storage (eg. USB hard drives), and the increasing amount of personal photos/files stored on computers, a regular computer backup is a must do for all computer users!
