The CryptoLocker ransomware exploit remains one of the most difficult security challenges that we face, since once all your personal data is encrypted, the only way back is either restoring from an uninfected backup or paying the cyber-criminals to receive your decryption key. The good news (well, I guess it’s good news) is that the bad guys are playing fair and actually sending the decryption key and even providing a bit of tech support. Not all attempts to recover this way are successful, though. The following information comes from Hackin9 Magazine.
This week I received notification from a legal firm (after the fact) who had been infected with CryptoLocker Ransomware and all of their files were encrypted and held for ransom. Since they did not have a backup shorter than a week, their IT staff had recommended that they pay the ransom. They ended up having to pay $400 USD to get the files decrypted. They were lucky in that the criminals actually supplied the key and provided some technical assistance in retrieving the files. Goodson’s law firm in the North Carolina state capital, Charlotte, had gone public on February 8, 2014, bravely admitting losing its entire cache of legal documents to the CryptoLocker Trojan despite attempting to pay the $300 ransom in a bid to have them unscrambled.
There is also an interesting article on CIO Magazine that details the experiences of other companies and a local police department.
The best solution I have found is to invest in an online backup system that provides something called “versioning.” While CryptoLocker’s encrypted files will gradually replace your backed-up files on most online backup systems, versioning provides older copies of backed-up documents to restore from, and these older copies are not replaced by encrypted file copies. For this type of protection we recommend Carbonite, but any backup system that provides versioning should work.
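The following is an added example, not code from the original article or from any backup vendor: a toy Python model of a versioned backup, showing that a pre-infection copy can be restored only while the retention limit still holds a clean version. The class, file name, timeline and `max_versions` limit are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class VersionedBackup:
    """Toy model (assumed design): keeps up to max_versions copies per file."""
    max_versions: int  # must be >= 1; 1 behaves like a plain mirror
    history: dict = field(default_factory=dict)  # path -> [(timestamp, content)]

    def sync(self, timestamp, files):
        """Record one backup run; an unchanged file adds no new version."""
        for path, content in files.items():
            versions = self.history.setdefault(path, [])
            if not versions or versions[-1][1] != content:
                versions.append((timestamp, content))
                del versions[:-self.max_versions]  # retention: drop the oldest

    def restore(self, path, before):
        """Newest retained version written strictly before `before`, else None."""
        clean = [c for t, c in self.history.get(path, []) if t < before]
        return clean[-1] if clean else None


def simulate(max_versions):
    """Constructed timeline: clean syncs on days 1-2, encrypted content from day 3."""
    backup = VersionedBackup(max_versions)
    backup.sync(1, {"brief.doc": b"draft 1"})
    backup.sync(2, {"brief.doc": b"draft 2"})
    # Constructed stand-ins for the encrypted file; any later change to the
    # file also consumes a version slot, which is why day 4 differs from day 3.
    backup.sync(3, {"brief.doc": b"\x8f\x02ciphertext-a"})
    backup.sync(4, {"brief.doc": b"\x8f\x02ciphertext-b"})
    # The infection is known to have started on day 3, so restore from before it.
    return backup.restore("brief.doc", before=3)


if __name__ == "__main__":
    for limit in (1, 2, 3):
        print(f"max_versions={limit}: restored={simulate(limit)!r}")
```

With a limit of 1 or 2 the clean draft has already been pushed out by the time anyone restores, so the retention setting has to outlast the time it takes to notice the infection.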