Wednesday, November 27, 2013

Are you a victim of Cryptolocker Ransomware?

Just so you know, guys, I’d like to share something that may be useful to everyone. There’s an epigram which says, “prevention is better than cure”. As IT guys, we rely so much on our personal files and documents, and there has been trending news about a ransomware named Cryptolocker that has gone wild on the internet. Unfortunately, there have been many victims in just a short period of time. Here's the sample screenshot.

I got a live copy of Cryptolocker embedded inside a PDF file from the underground community. I have been playing with it on a totally isolated Windows 7 desktop PC. (Don’t ask me for a copy, you can get a copy of your own, just Google it!)

I found out that one way we can prevent Cryptolocker from encrypting all our files is to use another file encrypting system, encrypt the files with it, and save the private key in a separate backup location. In my case study, I used BitLocker, which is free from Microsoft and comes in handy as it uses the AES encryption algorithm, which is also very hard to decrypt. So even when Cryptolocker gets inside your system, it won’t be able to encrypt the files which are already encrypted by BitLocker. So basically the concept is: encrypt it first, and any file encrypting ransomware won't be able to touch it. :)

From that point, you can safely remove the Cryptolocker ransomware from the system without having to worry that your BitLocker-encrypted files will be erased. We’re still in the testing stage; so far, all our BitLocker-encrypted files were still intact when we removed Cryptolocker from the system.

Just thought of sharing this with everyone. Again, “prevention is better than cure”.

Disclaimer: Again let me reiterate that we are still in the testing/trial stage so let us all assume that it is premature to conclude that what we did is 100% reliable and flawless. There is no 100% security in the cyberworld. Thank you!
