BEK Blog

November 7th, 2013

Keep Yourself Safe From CryptoLocker Ransomware

by Bonnye Sensenig

Over the past several weeks, we have heard from many BEK clients asking what they can do to recover from and protect themselves against “CryptoLocker.” This is an increasingly prevalent and nasty strain of malicious software, known as ransomware, that encrypts your files until you pay a ransom.

This ransomware is particularly nasty because infected users are in danger of losing their personal files forever.


According to reports from multiple security firms, CryptoLocker is most often spread through phishing email attachments, but the malware can also be deployed by hacked and malicious Web sites that exploit outdated browser plugins.

CryptoLocker encrypts users’ files using asymmetric encryption, which requires both a public and a private key. The public key is used to encrypt and verify data, while the private key is used for decryption, each the inverse of the other.

The bad news is that decryption is impossible unless the user has the private key, which is stored on the cybercriminals’ server.

Another thing to remember about CryptoLocker: the problem is not so much in removing the malware. That process appears to be surprisingly trivial in most cases.

The real issue is that all of your important files — pictures, documents, movies, MP3s — will remain scrambled with virtually unbreakable encryption unless and until you pay the ransom demand, which can range from $100 to $300.

The files targeted are those commonly found on most PCs today. The targeted file extensions include:

3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx

BEK continues to emphasize the importance of backing up one’s files as a hedge against disaster in the wake of a malware infestation. Unfortunately, if your backup drives are connected physically or via the local network to the PC that gets infected with CryptoLocker, your backups may be encrypted as well.
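To put the extension list and the backup caveat above into practice, the following added example (not BEK's or Symantec's code) inventories the files on a PC that match the targeted extensions, lists those changed since the last backup, and checks whether the backup location is writable from that PC. The function names and the command-line arguments are assumptions made for this illustration; the time of the last backup is supplied by the user.

```python
import os
import sys
import time
from collections import Counter

# Extension list copied from the article above.
TARGETED = frozenset("""
3fr accdb ai arw bay cdr cer cr2 crt crw dbf dcr der dng doc docm docx dwg dxf
dxg eps erf indd jpe jpg kdc mdb mdf mef mrw nef nrw odb odm odp ods odt orf
p12 p7b p7c pdd pef pem pfx ppt pptm pptx psd pst ptx r3d raf raw rtf rw2 rwl
srf srw wb2 wpd wps xlk xls xlsb xlsm xlsx
""".split())


def targeted_ext(name):
    """Return the lower-cased extension if it is on the list, else None."""
    ext = os.path.splitext(name)[1].lstrip(".").lower()
    return ext if ext in TARGETED else None


def inventory(root, last_backup_ts):
    """Count targeted files under root and list those changed since last backup."""
    counts, stale = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = targeted_ext(name)
            if ext is None:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            counts[ext] += 1
            if mtime > last_backup_ts:
                stale.append(path)
    return counts, sorted(stale)


def backup_exposed(backup_path):
    """True if the backup location is reachable and writable from this PC,
    i.e. anything running as this user could modify the backups as well."""
    return os.path.isdir(backup_path) and os.access(backup_path, os.W_OK)


if __name__ == "__main__":
    # Assumed usage: script.py <documents folder> <backup folder> <days since backup>
    docs, backup, days = sys.argv[1], sys.argv[2], float(sys.argv[3])
    counts, stale = inventory(docs, time.time() - days * 86400)
    print(f"{sum(counts.values())} targeted files, {len(stale)} changed since last backup")
    print("backup location writable from this PC:", backup_exposed(backup))
```

Files in the "changed since last backup" list have no current copy anywhere else, and a backup location reported as writable is one that stays connected to the PC in the sense described above.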

While BEK cannot guarantee recovery of your encrypted files post-infection, we do have options to prevent infections before they start. The antivirus program that BEK currently suggests, Symantec, detects and blocks CryptoLocker as a Trojan.Ransomcrypt.F file. They are working hard to keep up with any changes that may be made to the program.
