CryptoLocker locks up your files, demands ransom

If you didn't back up, you might have to pay up.

CryptoLocker, a new form of malware infecting computers nationwide, locks up files and holds them for ransom.

CryptoLocker is not a myth or rumor, says Snopes.com, and it makes files "as good as deleted" unless you pay as much as 300 dollars or euros, according to Sophos, an Internet security provider.

A clock starts ticking on a warning that pops up, generally giving about three days before the personalized "key" that could unlock the files is "destroyed."

At risk are Windows-based PCs, apparently even those protected by antivirus software, because it's possible for users to ignore warnings about malicious websites or open innocent-looking but infected attachments to emails pretending to be from FedEx, UPS, a bank, or other business.

They might be disguised as .PDF files or as programs supposedly needed to view videos. ("These are typically encountered through Porn sites," says BleepingComputer.com.)

Although antivirus and anti-malware programs can easily remove CryptoLocker, they can't unlock the files.

CryptoLocker is a serious problem, but calling it "the worst virus ever" is misleading, if only because it's a form of malware called ransomware, not a virus.

"In some cases, it may be possible to recover previous versions of the encrypted files using System Restore or other recovery software used to obtain 'shadow copies' of files," says MalwareBytes.org.

Clearly, prevention involves far fewer headaches.

As with any roundup of advice, this one comes with no guarantees, and that is doubly true for a threat like CryptoLocker, which is frustrating experts. Research any product, for example, before purchasing.

First of all, back up all your files, including images and spreadsheets, in a safe place separate from your PC or network. Try a portable hard drive that you habitually disconnect. Or use a cloud-based service.

Make sure you have an antivirus program that can block compromised websites, set up a firewall for malicious emails, and stop unauthorized messages being sent out from your computer. If you do have antivirus protection, be sure it's up-to-date, learn which features and settings to use, and heed its warnings.

Also, update anything else that might warn, block, or have recently patched a vulnerability, including operating systems like Windows, browsers like Internet Explorer and Firefox, and video players like Flash, according to TheGuardian.com's "10 Ways to Beat Cryptolocker."

Two other suggestions from the Guardian article:

"Create files in the Cloud and upload photos to online accounts like Flickr or Picasa."

"Switch to a spam- and virus-filtered email service. Google Mail, for example, does not allow you to receive or send executable files (that can install viruses) as email attachments, even if they are hidden in zip files. (It also does not allow you to send them)."

Advanced users may be able to take advantage of more complex tips. For example: "You can use the Windows Group or Local Policy Editor to create Software Restriction Policies that block executables from running when they are located in specific paths," according to a BleepingComputer "information guide and FAQ."
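A simplified model of the path-rule idea in the BleepingComputer quote above, as an added example that is not from the article or the guide. The rule paths, the user name alice and the matching semantics (wildcards stop at a backslash, the longest matching rule wins) are assumptions made for illustration, not Windows' own implementation.

```python
import ntpath
import re

# Constructed environment for a hypothetical user "alice".
ENV = {
    "AppData": r"C:\Users\alice\AppData\Roaming",
    "LocalAppData": r"C:\Users\alice\AppData\Local",
}

# Constructed rules (the article names no paths): pattern -> security level.
RULES = [
    (r"%AppData%\*.exe", "Disallowed"),
    (r"%AppData%\*\*.exe", "Disallowed"),
    (r"%LocalAppData%\Temp\*.zip\*.exe", "Disallowed"),
    (r"%AppData%\TrustedTool\updater.exe", "Unrestricted"),
]


def expand(pattern, env=ENV):
    """Substitute %Name% placeholders, case-insensitively, from env."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)), pattern)


def to_regex(pattern):
    """Compile a rule; assumed semantics: * and ? never cross a backslash."""
    out = []
    for ch in ntpath.normpath(expand(pattern)):
        out.append(r"[^\\]*" if ch == "*" else r"[^\\]" if ch == "?" else re.escape(ch))
    # A rule also covers anything beneath the path it names.
    return re.compile("".join(out) + r"(\\.*)?", re.IGNORECASE)


def decide(path, rules=RULES, default="Unrestricted"):
    """Level of the longest (most specific) matching rule, else the default."""
    path = ntpath.normpath(path)
    hits = [(len(expand(p)), level) for p, level in rules
            if to_regex(p).fullmatch(path)]
    return max(hits, key=lambda h: h[0])[1] if hits else default


if __name__ == "__main__":
    for sample in (r"C:\Users\alice\AppData\Roaming\invoice.pdf.exe",
                   r"C:\Users\alice\AppData\Roaming\TrustedTool\updater.exe",
                   r"C:\Program Files\Editor\editor.exe"):
        print(f"{decide(sample):12} {sample}")
```

Running a rule set against a list of known-good program paths before deploying it shows which legitimate software would need its own allow rule.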

Contact staff writer Peter Mucha at 215-854-4342 or pmucha@phillynews.com.