What is the CryptoLocker virus?

CryptoLocker is a virus currently circulating on the internet. Once installed, it scans your local and network drives for documents and pictures, encrypts the data using a mix of RSA and AES encryption methodologies, and then hides the key.

How does CryptoLocker get installed?

CryptoLocker is known to be spreading by the following three methods:

  • Attached to emails which pretend to be customer support related issues from FedEx, UPS, DHS, etc. When opened, the attachment will infect the computer.
  • Via exploit kits located on hacked web sites which exploit security vulnerabilities on your computer to install the infection.
  • Through Trojans which pretend to be programs required to view online videos.

Once your data has been encrypted, a window will appear demanding a ransom in US dollars and displaying a number of methods of making payment. A countdown will appear showing when the ransom must be paid. If the payment is not made before the countdown ends, the decryption tool is removed, rendering your encrypted data inaccessible. Reports suggest that even once the ransom payment is made, data is either not decrypted at all or not decrypted in its entirety.

How to protect your business against CryptoLocker?

  • Ensure you have a reliable backup and disaster recovery plan in place. This will allow you to easily restore files and folders or your entire machine if needed.
  • One way the CryptoLocker virus is circulating is by posing as legitimate email attachments. Do not open any attachment you are not expecting. Implementing a Managed Email Security system will help protect you against virus and malware attachments, ensuring your emails are safe to open.
  • Make sure you have a firewall policy in place which will protect your network against unauthorised data transmission.


If you are concerned about the CryptoLocker virus and would like us to carry out a security audit on your network, contact us on 01522 718248.