CryptoLocker–an update

I recently wrote about the threat that CryptoLocker is to your personal files and data.  After doing more research into it, this is what I know so far:

Information I am reading about this says that CryptoLocker only can encrypt local drives (those installed in your computer and USB external drives attached to your computer) and connected shared network drives (drives located on another computer or shared drive that shows up on your computer as a mapped drive).

I am not sure if a backup service such as Carbonite would be vulnerable, but something like Google Drive or SkyDrive may be vulnerable, since they appear as mapped network drives on Windows systems.  Since we are Carbonite partners and they are our recommended backup solution, I have an email into Carbonite on this issue and will post their response.

Windows Backup appears to be safe if you are backing up to a network drive and not an attached USB external drive.  Since the network backup location is not mapped, and the backup service runs on a schedule, it would appear that you could expect to recover files from your backup – AS LONG AS YOU DID NOT BACK UP THEE CHANGED ENCRYPTED FILES. 

So if you get infected, be sure to stop all your automatic backups, whether to local USB drives, network drives or online backup services.  And by all means, contact your computer support professional immediately.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.