Steve Gibson’s Security Now podcast #427 had a segment on CryptoLocker, malware that encrypts your data files with 2048-bit RSA encryption. The infection can occur either by downloading and opening a file from the internet or by opening an email attachment, even one that appears to come from someone you know. There are clean-up tools to remove the malware, but removing it does not restore your data files. You either have to pay the criminals over the Internet for the decryption key or restore the files from a backup you made earlier. Do not rely on copies of your files on network drives, on USB drives that were attached during the infection, or in cloud storage. CryptoLocker encrypts files on mapped network shares and USB-attached devices, and on cloud storage services that run in the background and are accessible as a drive letter, so the encrypted files are synced up to the cloud copy as well. The only backup you can trust is one on media that was disconnected after the backup was taken.

Do not rely on the file extensions you see in Windows Explorer, because by default Explorer hides known extensions such as .EXE and .COM. This means that the Document.pdf you are about to double-click could in fact be Document.pdf.exe, shown by Explorer as “Document.pdf”.
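As an added example (not from the original post), the PowerShell below reads the Explorer setting that hides known extensions, turns it off, and scans a folder for the double-extension names this trick relies on. The registry value HideFileExt under HKCU\...\Explorer\Advanced is the real setting Explorer uses; the lists of “document-looking” and executable extensions are the example’s own choice and can be extended.

```powershell
# Added example (not from the original post): show real extensions and find
# double-extension files such as Document.pdf.exe.

# Explorer hides known extensions when HideFileExt is 1 under this key.
$explorerKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-HideFileExtSetting {
    # Returns $true when Explorer is currently hiding known extensions.
    $value = (Get-ItemProperty -Path $explorerKey -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    return ($value -eq 1)
}

function Disable-HideFileExt {
    # Set HideFileExt to 0 so Explorer shows every extension. Explorer picks
    # the change up after explorer.exe is restarted or the user signs out.
    Set-ItemProperty -Path $explorerKey -Name HideFileExt -Value 0 -Type DWord
}

function Find-DoubleExtensionFiles {
    # Lists files whose name ends in a document-looking extension followed by
    # an executable one, e.g. Invoice.pdf.exe or Photo.jpg.scr.
    # Both extension lists are assumptions chosen for this example.
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $DocumentExtensions   = @('pdf','doc','docx','xls','xlsx','jpg','png','txt','zip'),
        [string[]] $ExecutableExtensions = @('exe','com','scr','pif','bat','cmd','vbs','js')
    )
    $pattern = '\.(' + ($DocumentExtensions -join '|') + ')\.(' + ($ExecutableExtensions -join '|') + ')$'
    Get-ChildItem -Path $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -imatch $pattern } |
        Select-Object FullName, Length, LastWriteTime
}

# Usage: report the setting, then look in the folders attachments usually land in.
if (Get-HideFileExtSetting) {
    Write-Warning 'Explorer is hiding known file extensions; run Disable-HideFileExt to show them.'
}
Find-DoubleExtensionFiles -Path "$env:USERPROFILE\Downloads"
Find-DoubleExtensionFiles -Path "$env:TEMP"
```

The scan is only a quick check for the naming trick described above; a file can just as well be a plain .exe with a PDF-looking name and icon, so the setting change is the part that actually helps the user.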

The current issue of the WindowsSecrets newsletter mentions CryptoLocker as well as a possible way of preventing infection. The WindowsSecrets forums have a discussion thread on it, which mentions a third-party utility called CryptoPrevent that automates the implementation of the rules.

Note: I have only just installed this third-party program and have not yet tested it to see what problems it may cause. One problem may arise if you are in the habit of running EXE files directly from within compressed files such as RAR or ZIP archives, for example to install updates. The rules block that, because the archive tool extracts the EXE into a temporary folder and launches it from there, and executables in those folders are exactly what the rules disallow. You will have to extract the files into a directory first and run the EXE from that directory.
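To make the archive caveat concrete, here is an added example (not part of the post, and not CryptoPrevent’s own code) that models the kind of Software Restriction Policy “Disallowed” path rules the post refers to, tests a few constructed paths against them, and reads the path rules actually configured on the machine. The rule list is an assumption for the example and is not the exact set CryptoPrevent installs; the wildcard matcher is a simplified model of SRP path matching. The registry location under Safer\CodeIdentifiers and the level values 0 (Disallowed) and 262144 (Unrestricted) are the real ones.

```powershell
# Added example (not from the original post, not CryptoPrevent's code).
# Assumed set of SRP "Disallowed" path rules of the kind the post refers to.
$assumedBlockRules = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',
    '%LocalAppData%\*\*.exe',
    '%Temp%\Rar*\*.exe',   # folders WinRAR extracts into when you run an EXE from an archive
    '%Temp%\7z*\*.exe',    # same for 7-Zip
    '%Temp%\wz*\*.exe'     # same for WinZip
)

function ConvertTo-RuleRegex {
    # Expand %Var% references and turn the wildcard rule into a regex.
    # Simplified model: '*' does not cross a backslash, '?' is one character.
    param([Parameter(Mandatory)] [string] $Rule)
    $expanded = [Environment]::ExpandEnvironmentVariables($Rule)
    $escaped  = [regex]::Escape($expanded) -replace '\\\*', '[^\\]*' -replace '\\\?', '[^\\]'
    return "^$escaped$"
}

function Test-BlockedByRules {
    # Returns the first rule that matches the path, or $null when none does.
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $Rules = $assumedBlockRules
    )
    foreach ($rule in $Rules) {
        if ($Path -imatch (ConvertTo-RuleRegex $rule)) { return $rule }
    }
    return $null
}

function Get-SrpPathRules {
    # Reads the SRP path rules present on this machine from the policy registry key.
    # Level 0 is "Disallowed"; 262144 (0x40000) is "Unrestricted".
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    foreach ($level in 0, 262144) {
        $key = Join-Path $base "$level\Paths"
        if (Test-Path $key) {
            Get-ChildItem $key | ForEach-Object {
                [pscustomobject]@{ Level = $level; Path = (Get-ItemProperty $_.PSPath).ItemData }
            }
        }
    }
}

# Sample paths, constructed for this example.
$samples = @(
    "$env:APPDATA\Document.pdf.exe",          # where the malware drops itself (blocked)
    "$env:TEMP\Rar`$EXa0.123\setup.exe",      # an EXE run straight from a RAR archive (also blocked)
    "$env:ProgramFiles\Some Vendor\app.exe"   # a normal install location (allowed)
)
foreach ($s in $samples) {
    $hit = Test-BlockedByRules -Path $s
    if ($hit) { "BLOCKED  $s  (rule $hit)" } else { "allowed  $s" }
}
Get-SrpPathRules
```

The second sample is the case described above: the installer is extracted under %Temp%\Rar… and is caught by the same rule family that stops the malware, which is why it has to be unpacked to an ordinary folder first. Get-SrpPathRules is the quick way to confirm which rules a tool such as CryptoPrevent actually wrote before deciding whether a blocked program is a false positive.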

An anti-virus program will not necessarily protect you. As the Windows Secrets article puts it, under “In this case, your best defense is prevention”:

Keep in mind that antivirus software probably won’t prevent a CryptoLocker infection. In every case I’m aware of, the PC owner had an up-to-date AV application installed. Moreover, running Windows without admin rights does not stop or limit this virus. It uses social engineering techniques — and a good bit of fear, uncertainty, and doubt — to trick users into clicking a malicious download or opening a bogus attachment.

This is a preliminary examination of a computer that was infected by CryptoLocker and what the author has found out about it.