How can I keep my files safe from the CryptoLocker ransomware virus I received an email about?

Recently, you may have received an email warning staff and faculty about email messages that may seem trustworthy, but, if opened, could be dangerous. CryptoLocker is a particularly malicious piece of ransomware (Ransom Software) that targets all versions of Windows, encrypts a user’s files, and then sells the files back to the user for a high price.
Once the software has finished its encryption process, displays a CryptoLocker payment program prompting the user to send a ransom of either $100 or $300, in order to decrypt the files. This screen will also display a timer stating that the user have 72 hours, or 4 days, to pay the ransom or, else the program will delete the encryption key.

How did I become infected?

This infection is typically spread through emails sent to company email addresses. These emails pretend to pose customer support related issues from Fedex, UPS, DHS, etc. These emails contain a zip attachment that, when opened, infect the computer. These zip files contain executables that are disguised as PDF files: they display a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, these files look like normal PDF files and people open them.

How to prevent your computer from becoming infected by CryptoLocker:

FoolishIT LLC offers a free utility called CryptoPrevent, which automatically adds the suggested Software Restriction Policy Path Rules listed below to your computer. This facilitates those using Windows XP, SP2 and above in quickly adding Software Restriction Policies to their computer, to help block programs like CryptoLocker and Zbot.

A new feature of CryptoPrevent whitelists any existing programs in %AppData% or %LocalAppData%. This is a useful feature which ensures that any restrictions do not affect legitimate applications that are already installed on your computer. To use this feature, make sure you check the option labeled ‘Whitelist EXEs’ already located in %appdata% / %localappdata% before you press the Block button.

You can download CryptoPrevent here

Once the file has been downloaded, extract the folder and run the program to keep your computer and data secure. If you have further questions or concerns about either CryptoPrevent, or the security of your files, please contact us at help@dentistry.utoronto.ca  or 416-979-4900 Ext.4480.