There is a particularly nasty new variety of rogue “scareware” infecting PCs worldwide this fall and winter called CryptoLocker. This stuff is very dangerous and you need to be aware of it so that you can protect yourself from its effects.

CryptoLocker usually gets on a PC via a spoof email from UPS.com or FedEx.com. The email looks real but it is not. It will contain a zip file as an attachment and the body of the email that will tell you to open the attachment to read about the details of a package being delivered to you. Don’t open the attached file. If you do it will open a PDF file in Adobe Acrobat and at the same time it will install CryptoLocker on your PC. Undoubtedly the extortionists behind CryptoLocker will use other email send addresses in the future to try and trick us into installing the software. We will all need to be skeptical about any emails we get from unexpected sender that contain file attachments (especially zip files).

CryptoLocker is just the latest in a long line of rogue antimalware software that we have been dealing with for years. Rogue antimalware software (sometimes referred to as scareware) works by mimicking the look of legitimate antimalware software and scaring you into giving up your credit card number in order to remove thousands of malware items it says is infecting your PC. In fact, the scareware itself is the only malware that is infecting your PC. In the past, this scareware usually was easy to identify and remove. The only real damage it caused was to trick you into giving your credit card number to the extortionists behind the scheme.

The new breed is an entirely different animal. If CryptoLocker gets onto your PC it will do serious damage. It works by encrypting files and folders on your PC until you start to experience problems. Then it will offer to sell you the encryption key so that you can decrypt the affected files. If you do pay them they will send you the key. Interestingly, CryptoLocker requires payment using Bitcoins. This is because many of the groups behind the original scareware schemes were shut down by the credit card companies. Bitcoins are safer for them because they are harder to trace.

If your PC does get infected with CryptoLocker your options are limited. You can pay CryptoLocker but that only rewards and further encourages the extortionists. Short of paying CryptoLocker, your best option is to remove CryptoLocker and restore your damaged files from a recent backup. You do have a recent backup, don’t you? If you don’t then your damaged files are lost forever.

If you have any questions about CryptoLocker or steps you can take to protect your PC from this threat please contact Jim Stern at DS&B, Ltd.