

CryptoLocker Virus: the Foundation of Modern Malware & How to Decrypt It

Modern day Ransomware has significantly evolved since it originated in 1989 with the AIDS Trojan. Spread via infected floppy disks, the AIDS Trojan was largely unsuccessful because few people used personal computers and the internet. Now, with near-full digital connectivity and technology constantly advancing, new-age Ransomware is easily and widely distributed. CryptoLocker Virus is/was one of the first widespread pieces of malware and gained notoriety for its nasty effects. 


What is CryptoLocker Virus and What Did it Do?

First discovered in September 2013, CryptoLocker displayed all of the usual characteristics of Ransomware:

  • Targeted victims through phishing and malicious emails, links and attachments.
  • Encrypted user files.
  • Demanded a ransom for the safe return of the files.

This Trojan horse targeted Windows computers and searched for files to encrypt, from USB memory sticks to shared network drives and cloud storage. The files were then encrypted with a public key, and the hackers demanded a ransom to decrypt them with the matching private key, which only they possessed. If the ransom wasn't paid within 72 hours, the hackers would destroy the encrypted data.

CryptoLocker caused havoc from September 2013 to June 2014. During that time, the malware managed to infect an estimated 500,000 computers, including NASA. Victims whose computers were infected were presented with demands for $400 (£237) or €400 (£317), usually in a virtual currency such as Bitcoin.

Analysis has indicated that only 1.3 percent of all people hit by the malware paid the ransom. This is because many of the victims, including NASA, were able to restore their lost files from backups. This highlights how important it is that you back up your files on a regular basis and keep copies of them distributed in several secure places.

However, despite this low response rate in ransom payments, the cyber criminals still managed to make an estimated $3 million from CryptoLocker.

CryptoLocker was eradicated by security experts in June 2014. The National Crime Agency (NCA) took down the control system, known as GameOver Zeus, which provided the criminals with a backdoor into users' computers.

Then, security firms Fox-IT and FireEye managed to create portals where CryptoLocker victims were able to recover their encrypted files, all without needing to pay a ransom.

If Something Similar Happens Now, Should You Ever Pay the Ransom?

Sometimes the worst happens. You might have done everything right and followed every recommended security procedure, with multiple backups distributed across secure locations. But somehow the malware has still managed to encrypt your data and there's little chance of full restoration.

What should you do? For starters, don't pay the ransom fee because there are no guarantees you will be granted access.

In 2016, a Los Angeles hospital admitted that it paid hackers around $17,000 to get their data back. Luckily, the criminals did unlock the hospital's files and sent them back unscathed. However, there's absolutely no guarantee that the criminals behind all Ransomware attacks will do the same. After all, criminals aren't exactly the most trustworthy of individuals. If you pay up, you risk getting nothing back - meaning you would have forked out the money for no reason.

How Can You Decrypt CryptoLocker and Other Forms of Ransomware?

As we discussed above, it's never a good idea to pay the ransom, no matter how convenient that may seem because there's no guarantee you'll get your data back.

There are many guides available on the internet which may advise you on how to remove the malware and decrypt your data. However, again, there's no guarantee those methods will work, and you risk aggravating the malware, which may lead to your data being destroyed. As well as this, DIY solutions can be extremely time-consuming, require expert knowledge and may damage your system in the process.

It's a much better idea to consult a data recovery firm and let the experts try and recover your data.

However, best practice will always recommend that you take precautions to avoid malware attacks in the first place:

  • Never open files and attachments from unknown senders.
  • Have robust antivirus software and ensure your staff follow strict security protocols.
  • Encrypt sensitive data.
  • Always update your systems. Ransomware tends to seek weaknesses in computer systems and out-of-date software certainly fits the bill.
  • Ensure only authorised members of staff have access to your sensitive data and you monitor their activity.
  • Have a Disaster Recovery plan in place and always back up your data. Companies that didn't have backups of their data risked losing vast amounts of vital business data.

Want to Find Out More About Ransomware and How Disaster Recovery Can Help?

The threat of malware is growing and a big Ransomware attack without a plan in place will be catastrophic for your business. If you'd like to find out more about backup methods and Disaster Recovery, what they are and how best to handle them, download our free guide. Find out more here:
