Steve Gibson's Security Now podcast had a segment on #CryptoLocker a malware that encrypts yo...


G+_Greg M
Steve Gibson's Security Now podcast had a segment on #CryptoLocker, a malware that encrypts your data files with 2048-bit encryption. There are cleanup tools to remove the virus; however, that does not restore your data files. You have to either pay via the Internet to get the decryption key or restore them from a backup.

 

Security Now episode #427 http://twit.tv/show/security-now/427

 

The current issue of the WindowsSecrets newsletter mentions CryptoLocker as well as a possible way of preventing infection: "CryptoLocker: A particularly pernicious virus" http://windowssecrets.com/top-story/cryptolocker-a-particularly-pernicious-virus/ . The WindowsSecrets forums have a discussion thread: http://windowssecrets.com/forums/showthread.php/157422-CryptoLocker-A-particularly-pernicious-virus . This thread mentions a third-party utility called CryptoPrevent, which automates the implementation of the rules.

 

http://www.foolishit.com/vb6-projects/cryptoprevent/

 

Note: I have only just installed this third party program and have not yet tested it to see what problems it may cause. One problem may arise if you are in the habit of running EXE files from within compressed files such as RAR or ZIP files to do installation of updates etc. This modification will prevent that. You will have to first uncompress the files into a directory and run the exe from the directory.

 

An antivirus is not going to necessarily protect you. As mentioned in the Windows Secrets article under "In this case, your best defense is prevention":

 

Keep in mind that antivirus software probably won’t prevent a CryptoLocker infection. In every case I’m aware of, the PC owner had an up-to-date AV application installed. Moreover, running Windows without admin rights does not stop or limit this virus. It uses social engineering techniques — and a good bit of fear, uncertainty, and doubt — to trick users into clicking a malicious download or opening a bogus attachment.

 

Update 10/28/13: This is an examination and analysis of an executive's computer that was actually infected and the ransom paid to decrypt the files. Please be aware the site is receiving a lot of traffic so that the page may not load at times.

 

 http://robpickering.com/2013/10/cryptolocker-an-executive-infection-1420
