Whether it is CryptoLocker, CryptoDefense, CryptoWall or another Crypto-Threat, the result is the same: it encrypts your files and demands a ransom to decrypt them.
As each new Crypto-Threat is released, it has new characteristics to avoid detection and cause more damage. For instance, the types of files that it encrypts have grown and the ransom demands have become more sophisticated. Early versions had an expiration date beyond which you could not retrieve your files. Newer versions raise the ransom as time goes by, and there have even been reports of victims negotiating payment with the cyber criminals.
As the extortion becomes bolder, victims are hit harder and have to pay more. Bitcoin has become the ransom payment currency of choice, causing speculation that this could damage the Bitcoin brand. The attacks hit the US hardest even though ransom payment had greatly declined.
While Crypto-Threats have expanded what they do once they gain access to your computer, the way they infect seems constant. Infections are likely caused by:
- A fake email that causes you to open an attachment
- A malicious download, often from a website that fools you into downloading the threat
- An infected webpage that uses an exploit to download the malware to your machine
To protect your computer:
- Have a recent, offline backup
- Back up your critical data
- Have a good, recent, offline backup
- Do not open email attachments that you cannot verify as authentic
- Keep your antivirus and malware protection up-to-date
- Keep your browser up-to-date
- If you get a website warning, do not navigate to that website
Even with your best efforts, you may get infected. It can be scary and traumatic. Many victims cannot put their finger on how the infection occurred. That is not surprising, because these threats are designed to look authentic and have fooled even the most tech-savvy. So don't feel ashamed; restore from your backup, and make sure you review and update your backup strategy.
Depending upon the type of infection, there may be effective methods to remove the malware. But you may decide to re-image (restore) or replace your computer or hard drive just to be sure. There are several factors to consider, including the age of the computer, the installed operating system and the type of infection.
Additional reading:
Microsoft Blog on CryptoWall 3.0
Symantec CryptoWall page with statistics
Subliminal message - Back up your data!