The dreaded Cryptolocker ransomware trojan just clobbered a client’s data. It encrypts important data files, then pops up a message saying you have 72 hours to pay $300 via bitcoin to retrieve the encryption key or your data dies forever. Among the files encrypted are Microsoft Office data files and Photoshop PSDs.
Unfortunately, they aren’t bluffing. Without the encryption key you will never recover the data. Each infected computer has a different encryption key.
Do not remove the virus at first. Doing so might make it impossible to pay the ransom. Cryptolocker is sophisticated malware created by criminals who know what they are doing. Be extra careful about opening file attachments or using USB drives to avoid infection.
Malwarebytes explains how to determine which files have been encrypted. Their Anti-Malware Pro scanner blocks Cryptolocker from infecting you. I use it. Also, do offsite backups. This is crucial.
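One quick way to triage which data files were clobbered, as an added example that is not Malwarebytes' method or anything from the original post: a file whose extension promises a known header (Office, PSD) but whose leading bytes no longer match and look random is probably ciphertext. The sample tree, the 7.5 bits-per-byte threshold and the file names are constructed assumptions for the demo.

```python
import math
import os
import tempfile
from collections import Counter

# Expected leading bytes for the file types the post says were hit:
# modern Office files are ZIP containers, legacy ones are OLE2 compound
# documents, and Photoshop PSDs start with "8BPS".
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MAGIC = {".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pptx": b"PK\x03\x04",
         ".doc": OLE2, ".xls": OLE2, ".ppt": OLE2, ".psd": b"8BPS"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample; ciphertext sits close to 8.0."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: str, threshold: float = 7.5) -> bool:
    """True if the extension promises a known header, the header is gone,
    and the leading bytes are near-random (a plain-text .doc is not flagged)."""
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return False
    with open(path, "rb") as fh:
        head = fh.read(4096)
    return not head.startswith(magic) and shannon_entropy(head) >= threshold

def scan_tree(root: str) -> list:
    """Walk a directory and return the paths that look encrypted, sorted."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if looks_encrypted(path):
                hits.append(path)
    return sorted(hits)

def demo() -> dict:
    """Constructed sample tree: two intact files, one clobbered, one plain text."""
    root = tempfile.mkdtemp()
    samples = {
        "report.docx": b"PK\x03\x04" + os.urandom(2048),    # intact (zip, compressed)
        "logo.psd": b"8BPS" + bytes(2048),                   # intact (flat image data)
        "budget.xls": os.urandom(4096),                      # header gone, random bytes
        "notes.doc": b"{\\rtf1 plain words repeated}" * 100, # wrong header, low entropy
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return {os.path.basename(p): True for p in scan_tree(root)}

if __name__ == "__main__":
    print(demo())  # {'budget.xls': True}
```

Run it against a copy of the affected share rather than the live machine, and treat the output as a triage list to compare against backups, not as proof of what the malware touched.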
Cryptolocker is morphing and changing. It can now spread through USB drives as well as email. You cannot break the encryption and neither, probably, can the NSA. Seriously.
Due to the length of the key employed by CryptoLocker, experts considered it practically impossible to use a brute-force attack to obtain the key needed to decrypt files without paying.
In December 2013, ZDNet traced four Bitcoin addresses posted by users who had been infected by CryptoLocker, in an attempt to gauge the operators’ earnings. The four addresses showed movement of 41,928 BTC between October 15 and December 18, a value of about $27,000,000 USD per the exchange rate at that point in time.