CryptoLocker Ransomware: Unlocked and Gone!

The latest CryptoLocker ransomware has been defeated by RollBack Rx v10.x.

There’s a scary new threat floating around in cyberspace. It may already be too late. The computer you’re using right now may already be infected. While you’re working away on an important document, files in the background are becoming irretrievably encrypted. You’ll then soon receive a notice informing you that your computer has been infected and all your important files are unusable. A hijacking is taking place, but of a very different kind. The extortion persists for a few agonizing days until a ransom payment of $300 is received. You feel victimized and you may lose your important files forever.

Luckily, you have RollBack Rx on your PC and you can instantly restore your PC to an earlier time. Within seconds and after a quick reboot of your workstation, you will feel as though you never had the CryptoLocker infection in the first place. But if you don’t have RollBack Rx, read on, so that you are better informed of what you can expect.

What Is CryptoLocker?

CryptoLocker is one of the most malicious ransomware Trojans circulating in cyberspace today, and it targets Windows-based computers. First reports of its existence surfaced in early September 2013. Users typically contract the infection through an email attachment or a pop-up purporting to come from FedEx, UPS tracking notifications, Xerox, ADP, McAfee, USBank, or another legitimate business. Once the CryptoLocker file is on the host machine, it scans the system for Microsoft Office documents, spreadsheets, photos, music, Photoshop images, videos and other files and encrypts these targeted files with a mixture of RSA and AES, using a public key received from one of CryptoLocker’s command-and-control (botnet) servers. The malware then presents a message screen informing the user that the PC has been infected, displays a countdown clock with 3 days remaining, and attempts to extort a payment of $300 US, 300 Euros, or half a Bitcoin (about $500 US). It usually tells the victim they have 72 hours to comply and threatens that the private key will then be permanently destroyed, leaving the files undecipherable. The grace period the malware grants the victim is actually the time it needs to finish encrypting the files, since its low-level encryption is a very time-intensive process.
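As an added defender-side illustration (not code from the original article or from Horizon DataSys), the Python script below spot-checks the document types listed above for files whose leading bytes no longer match their extension, which is the footprint an encryptor leaves while it works in the background. The signature table, the choice of extensions, and the sample files are constructed for this example.

```python
import os
import tempfile

# Public format signatures for file types the article lists as targets.
# Which extensions to check is an assumption made for this example.
MAGIC = {
    ".docx": (b"PK\x03\x04",),        # Office Open XML is a zip container
    ".xlsx": (b"PK\x03\x04",),
    ".doc":  (b"\xd0\xcf\x11\xe0",),  # legacy OLE2 compound document
    ".xls":  (b"\xd0\xcf\x11\xe0",),
    ".pdf":  (b"%PDF",),
    ".jpg":  (b"\xff\xd8\xff",),
    ".png":  (b"\x89PNG",),
    ".psd":  (b"8BPS",),              # Photoshop image
    ".mp3":  (b"ID3", b"\xff\xfb", b"\xff\xf3"),
}

def scan_for_header_mismatch(root):
    """Return sorted paths under root whose extension is in MAGIC but whose
    first bytes match none of the known signatures for that type. A burst of
    such files across a user's documents is what in-place encryption leaves
    behind: the names survive, the contents turn into opaque bytes."""
    suspicious = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            sigs = MAGIC.get(os.path.splitext(name)[1].lower())
            if sigs is None:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(8)
            if not any(head.startswith(s) for s in sigs):
                suspicious.append(path)
    return sorted(suspicious)

def build_sample_tree():
    """Constructed sample data: two intact files plus one whose content has
    been replaced with opaque bytes, standing in for an encrypted document."""
    root = tempfile.mkdtemp(prefix="cryptolocker_demo_")
    with open(os.path.join(root, "report.docx"), "wb") as fh:
        fh.write(b"PK\x03\x04" + b"\x00" * 28)
    with open(os.path.join(root, "photo.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0" + b"\x00" * 28)
    with open(os.path.join(root, "budget.xlsx"), "wb") as fh:
        fh.write(b"\xa7\x3c\x91\x02" + bytes(range(60)))  # no zip header
    return root

if __name__ == "__main__":
    for path in scan_for_header_mismatch(build_sample_tree()):
        print("header does not match extension:", path)
```

A single mismatch proves nothing on its own (a corrupted download or a mislabelled file looks the same), so treat this as an early-warning check, not as a replacement for snapshots or backups.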

CryptoLocker Repair and Removal and Data Fix

There are unconfirmed reports that the victim is subsequently offered a “second chance” to receive the private key required for decryption even after the deadline has passed, but this time the blackmail demand is 10 Bitcoins (about $10,000 US), to be paid to criminal hackers at some unknown location. The payment methods are strictly Bitcoins and MoneyPak vouchers, both of which are decentralized payment methods that don’t generate traceable transaction records.

The latest antivirus dat files simply remove the CryptoLocker registry keys and files from the system; however, all files that were already encrypted remain unrecoverable. The encrypted files can’t be decrypted by antivirus software, so they are lost forever. Cyber security experts are adamant that the victim should not submit to this extortion and should refuse to pay. These experts, however, don’t offer any constructive means of recovering the user’s lost files.

CryptoLocker VS Antivirus

The problem with antivirus programs is that they’re always behind the eight-ball, constantly trying to identify and cure known infestations. They do this by updating malware definition files in the hope that the user updates their antivirus application before they are attacked. By the nature of malware, then, antivirus is great for detecting malicious files, but in most cases it cannot guarantee that your PC will be returned to an exact pristine state. RollBack Rx is the only known prevention for CryptoLocker-infected PCs. The entire CryptoLocker program, as well as its mass data carnage, is eradicated by simply booting your PC into an earlier state using the RollBack Rx sub-console. It will quickly restore your workstation and recover from any CryptoLocker attack.

You can simply return to exactly how things were before the problem ever began. Imagine being able to go back in time by rolling the clock back instantly to before any such problem appeared on your machine.

How Can You Prevent Your Computer from Becoming Infected by CryptoLocker?

Horizon DataSys clients have been able to recover from CryptoLocker using RollBack Rx. RollBack Rx is a software program that instantly restores hard drives back to any number of earlier points in time (or “snapshots”). If a problem arises, the workstation can simply be reset to any of these earlier dates before the problem ever occurred, without damaging the system and without losing any of your data. RollBack Rx is a bit-for-bit restoration engine using Horizon DataSys’ own patented sector-mapping technology, and it can be set to return to a snapshot taken before the CryptoLocker infection took place. All files encrypted by CryptoLocker are returned to exactly how they were prior to the attack. RollBack Rx software has fared well against this nasty CryptoLocker trojan horse. PC users who have RollBack Rx installed are able to easily roll back to a snapshot prior to the infection without any sign of CryptoLocker remaining on their machines. Further, they were able to explore their latest infected snapshot and drag-and-drop more recent versions of their uninfected documents.

One RollBack Rx user explained that once he discovered the CryptoLocker infection on his machine he immediately rolled back to an earlier snapshot. Within seconds he was back to a point in time before he opened the email attachment that caused the issue. The only complication was that RollBack Rx had to be accessed from the boot-up screen, as the Windows GUI was inaccessible (due to CryptoLocker). “It really wasn’t much more complicated than that,” he told us. This customer, who chose to remain anonymous, lives in France. He said that he did have a very popular commercial anti-virus program installed and that it didn’t detect any issue with the attachment. This really shouldn’t be a surprise, as the CryptoLocker file is no different from any other common program from the antivirus program’s perspective.

Over the years the nature of virus and other malware attacks has evolved. In early instances of such virulent infections, the perpetrator wanted to display their programming and hacking abilities, to show off their skills. These infections have now evolved to the point where rogue hackers are monetizing their skills in hijacking other computer systems. This is becoming a huge commercial enterprise and it’s only going to get worse. The hackers no longer seem to care about getting credit; they just want your money.

We’re all just human. We make mistakes. So the software protecting our machines should be more robust and be able to undo such issues, rather than just leaving us to hope that we don’t make such mistakes. There are some pretty scary things out there, but if we constantly lived in fear of them and were deathly afraid of clicking on anything, we wouldn’t be able to get anything done. If you have RollBack Rx installed, you don’t need to worry about or keep up with all these issues.

If you didn’t have RollBack Rx installed, then native Windows features are your best option to recover files. Windows System Restore (now called Refresh and Reset in Windows 8) creates Shadow Volume Copies in which recently opened personal documents are automatically backed up. But this isn’t a foolproof way to restore all your files, as Windows System Restore won’t create backups of your personal files and folders in general. Windows System Restore is really only for recovering Windows system files, not your personal vacation photos, your financial documents, your iTunes music albums, et cetera. Worse, more recent variants of CryptoLocker delete all shadow copies.

It’s best to prepare. RollBack Rx will regularly and automatically create backups of all your files (called “snapshots”). Each snapshot is a complete instance of everything as it existed on your machine the second the snapshot was taken. You can simply return to any of these points in time, and every trace of any such virus or other malware is completely removed from your machine.