One of the worst versions of this type of malware is CryptoLocker. CryptoLocker is one of the “original” ransomware versions, and it has been quite financially successful for its creators. CryptoLocker was isolated, mostly contained, and removed as a threat when a task force spearheaded by the FBI disrupted the Gameover Zeus botnet that was being used to distribute the malware. Russian national Evgeniy Bogachev was also wanted for involvement in the scheme.
Although CryptoLocker may be less of a threat now, it has since spawned several variants. CryptoWall is one of the variants and is especially destructive to users. It will disrupt security and backup software, block attempts to restore files to the infected computer, and delete “shadow copies” and restoration points.
Bitdefender Labs has issued a free “vaccine” type program that attempts to intercept the encryption attempts made by ransomware, specifically CryptoWall and other variants of CryptoLocker. We definitely recommend that users install this software as an additional protection against ransomware. We recommend that you still use antivirus software as well as antimalware tools, but this extra layer of protection is a good idea (and it’s free).
Another version that has been floating around is TeslaCrypt. However, there is a free tool from Cisco Talos that can help you out if you’re infected. Because TeslaCrypt uses a different type of encryption, it’s not as “bulletproof” as other CryptoLocker versions.
The best protection against ransomware is to always have offline backups of your files. That way, if you are infected, you can just format the computer and start over (it’s always nice to have a fresh installation of Windows anyway). That is basically your number one protection against all viruses and malware. Another way to prevent infection is to never open suspicious emails and downloads. Keep up to date on the latest security threats by following our blog or other security blogs such as Krebs On Security, and always make sure that you have active antivirus software running.
Have you had an infection by CryptoWall or similar ransomware? How did you fix things?