Cryptolocker – the latest addition to your “Most Annoying Things” list….


A few months ago I was at the airport, ready for my 6:50 am flight.  Yeah, that’s right.  6:50 AM.  In the morning.  I am going to be totally honest, I wasn’t even sure oxygen is out that early in the day, but evidently it is.  Anyway, arriving in the terminal mere moments before my flight, it occurs to me I have but a brief chance to obtain caffeine before wheels up.  Luckily, a Starbucks presented itself across the hallway.  Ducking inside, I order an iced coffee, to which the barista replies “We’re all out.”

Me: “Oh, are you having a problem with the ice machine?”

Barista: “Nope.”

Me: <Long Pause> “So…. are you out of coffee?”

Barista: “Nope, we have coffee.  We usually make a batch of coffee and cool it down, but we don’t have any right now.”

Full disclosure: I am not a physicist.  I have limited training in fluid thermodynamics.  I am not a barista.

Me: “Umm.  OK.  Can I have a regular coffee and a cup of ice then?”

Barista: “OK, here you go.” <Hands me a cup of hot coffee and a cup half full of ice.  I drain the hot coffee into the cup with ice and hand back the hot coffee cup>.

I walked away celebrating my victory over inside-the-box thinking.  And then I promptly spilled the coffee on my shirt.  Oh yeah, and my flight ended up delayed for two hours.

Why did I just bore everyone with that story?  To illustrate how annoying and aggravating today’s topic is.  I’d rather repeat the iced coffee saga every morning than deal with this other thing.


Hopefully you never have to deal with Cryptolocker.  It really is one of those don’t-even-wish-it-on-your-enemies kinds of things.  But at some point you or someone you know will.  So here we go:

Cryptolocker: A brief primer:

It can go by lots of names, but the most famous is Cryptolocker.  A member of the ransomware family of malware, Cryptolocker is installed on your computer like any other piece of malware, and then proceeds to encrypt all of the files on your computer.  Everything in your Documents folder, everything in your Pictures folder, and even files on any network shares your computer is connected to.  Then you get the pop-up message: you can have the key to decrypt your files… for a fee.


The malware itself isn’t actually that hard to remove.  The only problem is you are still left with all of your files encrypted.  Should you pony up the cash if this hits your computer?  While there are certainly stories of people trying this route and regaining access to their files, there are also plenty of stories of payment leading to no action on the bad guys’ part.  My suggestion is that you take some basic precautions that will allow you to survive an attack of this sort without having to deal with this decision at all.

An ounce of prevention…

True Story: Benjamin Franklin was actually referring to Cryptolocker - what a futurist!

When it comes to defending yourself, the very best thing you can do is follow some good practices before you ever have to deal with something like this.

A good backup routine is the single most important thing you can do to ensure your ability to survive any of these types of attacks.  The simplest way to do backups is to get an inexpensive USB hard drive and back up your important files once a week or so.  Don’t leave it connected all the time though, or it will be encrypted right along with everything else!  In fact, if you have a fire safe, that would be a good place to keep it when not actively backing up your PC.


There are also an abundance of “cloud” backup solutions available, and the costs are dropping rapidly.  They have the added advantage of being offsite, available anywhere, and usually have some kind of automatic backup application that handles everything for you.  Even if Cryptolocker strikes, you can usually access the previous non-encrypted version of your files.


The basic rule of thumb for determining if your backups are sufficient is to answer the following question: if I had to replace my current computer with a new one and all I had was this backup, could I do it?  Would I have everything I needed, like documents, pictures, music, and email?
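To make the backup routine above concrete, here is an added example in Python (mine, not from the original post) that implements a weekly-style snapshot backup to a removable drive, keeps every earlier snapshot untouched so a clean copy of each file always survives, and runs the “could I rebuild from this?” check by hashing every file it copied. The paths `Documents` and `usb`, the sample files, and the 50% “too many files changed at once” refusal threshold are all my own constructed choices; the script assumes the destination filesystem supports hard links (NTFS, ext4, APFS all do).

```python
# Snapshot backup with a restore check. Added example, not from the original post.
# Assumes Python 3.8+ and a destination that supports hard links (e.g. a USB drive).
import hashlib
import os
import shutil
import tempfile
from datetime import datetime
from pathlib import Path

MANIFEST = "MANIFEST.txt"


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(src: Path) -> dict:
    """Map each file under src (relative path) to its SHA-256 digest."""
    return {str(p.relative_to(src)): sha256_file(p)
            for p in sorted(src.rglob("*")) if p.is_file()}


def load_manifest(snap: Path) -> dict:
    mf = snap / MANIFEST
    if not mf.is_file():
        return {}
    return {rel: digest for digest, rel in
            (line.split("\t", 1) for line in mf.read_text().splitlines())}


def latest_snapshot(dest: Path):
    if not dest.is_dir():
        return None
    snaps = sorted(p for p in dest.iterdir() if p.is_dir() and p.name.startswith("snap-"))
    return snaps[-1] if snaps else None


def changed_fraction(current: dict, previous: dict) -> float:
    """Share of files from the previous snapshot whose content changed or vanished."""
    if not previous:
        return 0.0
    return sum(1 for rel, d in previous.items() if current.get(rel) != d) / len(previous)


def snapshot_backup(src: Path, dest: Path, name=None, max_changed=0.5) -> Path:
    """Copy src into dest/<name>, hard-linking files unchanged since the last snapshot.

    Earlier snapshots are never modified, so a clean copy of every file survives.
    If more than max_changed (my assumed 50%) of the last snapshot's files changed at
    once, which is what a mass-encryption event looks like, refuse rather than back
    up the damage.
    """
    current = scan(src)
    prev = latest_snapshot(dest)
    prev_manifest = load_manifest(prev) if prev else {}
    frac = changed_fraction(current, prev_manifest)
    if frac > max_changed:
        raise RuntimeError(f"{frac:.0%} of backed-up files changed since the last "
                           "snapshot; check the source before backing up")
    snap = dest / (name or "snap-" + datetime.now().strftime("%Y%m%d-%H%M%S"))
    snap.mkdir(parents=True)
    for rel, digest in current.items():
        target = snap / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        if prev is not None and prev_manifest.get(rel) == digest:
            os.link(prev / rel, target)      # unchanged: share storage with last snapshot
        else:
            shutil.copy2(src / rel, target)  # new or changed: real copy
    (snap / MANIFEST).write_text("".join(f"{d}\t{r}\n" for r, d in current.items()))
    return snap


def verify_snapshot(snap: Path) -> bool:
    """The 'could I rebuild from this?' test: every manifest entry is present and intact."""
    manifest = load_manifest(snap)
    return bool(manifest) and all(
        (snap / rel).is_file() and sha256_file(snap / rel) == d for rel, d in manifest.items())


def demo() -> dict:
    """Run the routine on constructed sample files in a temp directory (no real drive needed)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dest = Path(tmp) / "Documents", Path(tmp) / "usb"
        src.mkdir()
        for i in range(4):
            (src / f"doc{i}.txt").write_text(f"constructed document {i}\n")
        first = snapshot_backup(src, dest, name="snap-001")
        (src / "doc0.txt").write_text("edited since last week\n")  # one normal edit
        second = snapshot_backup(src, dest, name="snap-002")
        shared = os.stat(first / "doc1.txt").st_ino == os.stat(second / "doc1.txt").st_ino
        for p in src.glob("*.txt"):       # simulate every file being rewritten with junk
            p.write_bytes(os.urandom(64))
        try:
            snapshot_backup(src, dest, name="snap-003")
            refused = False
        except RuntimeError:
            refused = True
        return {"first_ok": verify_snapshot(first), "second_ok": verify_snapshot(second),
                "shared_unchanged": shared, "refused_mass_change": refused,
                "clean_copy_survives": (first / "doc0.txt").read_text().startswith("constructed")}


if __name__ == "__main__":
    print(demo())
```

Two caveats on the design: the refusal threshold is a heuristic, so a legitimate mass reorganization of your files will also trip it and you will need to look before re-running; and the script does nothing to protect a drive that stays plugged in, so the post’s advice to disconnect it between backups still applies.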

After backups, the best prevention is following the basic safe computing practices: don’t open email attachments from people you don’t know, keep your computer up to date on patches, and run an up-to-date host protection suite (it won’t catch everything, but it will certainly catch the obvious stuff).

If you’re already infected with Cryptolocker

I hope you have good backups.  So far none of the white hat researchers who have tried have been successful in reverse engineering the malware to find a method to obtain the decryption key.  The only way to fix a computer infected with Cryptolocker is to do a complete reinstall of the operating system, and then bring back in your documents from a backup.  Much like my shirt with the giant coffee stain, an infected machine needs a fresh start before it will be useful again.

That’s it for this post.  Thanks for reading, and stay safe out there!

One thought on “Cryptolocker – the latest addition to your “Most Annoying Things” list….”

  1. Ben,

    Well written and insightful, it’s my hope that I reserve the right to specifically select which enemies get infected. Hope all is well with you and the team.
