IntroductionCryptolocker and Ransomware are the latest tools used by cybercriminals to part us with our hard earned cash.
Over the years we have seen a number of different methods utilised by the online scammers including phishing, fake lottery wins, fake inheritance scams, eBay scams, PayPal scams and a whole load more.
Cryptolocker and Ransomware are by far the most severe methods used thus far.
For those of you who have not heard of this type of malware the theory is as follows:
The scammers send out thousands and thousands of emails purporting to be from someone you would expect to hear from such as your bank, ISP, tax man, council or phone company.
The email claims that it contains important information. Now ordinarily we have all seen these emails before and the normal concept is that they contain a fake link to a fake website which harvests your login details.
Ransomware emails don't contain links but there will be a file attachment and the text within the email is designed to make you want to open the file attachment. The attachment itself isn't an executable so you might think you are safe from harm. Instead the attachment will be a zip file or even a PDF file.
When clicked the file will extract itself onto your computer and will start its trail of destruction.
The way Cryptolocker works is to encrypt every file on your computer and the only way of unencrypting them is to pay a ransom using bitcoins. At the moment the least you can expect to pay is £300.
What happens if you don't pay?
The ransom is time limited. If you don't pay within the time limit your files will be encrypted forever.
Previously the scammers stated that there was no way back after the time limit has passed but they are a little more forgiving now. Oh yes, their generosity is endless. As you failed to pay in time you can still get your files unencrypted but you will need to pay a lot more money in order to do so.
Realistically you don't want to ever have to deal with these people. You can't trust that the rules won't change and as the payment is in bitcoins you have no recourse for getting your money back should the scammers change their minds.
The following is a list of things you can do to beat Cryptolocker and any other Ransomware kits that undoubtedly are going to be the weapon of choice in 2014.
If you have a swimming pool in your back garden then there are 2 things you can do to stop your children from drowning.
The first thing you can do is build a wall around the swimming pool to stop your kids getting into the pool.
The second thing you can do is teach your kids to swim.
What does this have to do with Cryptolocker you might ask?
Well, you can also do 2 things to beat Cryptolocker. The first thing you can do is stop yourself ever getting Cryptolocker in the first place. The second thing you can do is make sure you have a recovery path should the first thing fail.
I am going to tackle these in reverse order, recovery first and then prevention.
Disaster RecoveryYou can employ any or all of the following techniques to save yourself if Cryptolocker or any other ransomware infest your computer.
1. Create a system repair diskThe system repair disk will enable you to get Windows back in a useable state.
Of course Linux users do not have to particularly worry about this. Linux users should be able to download the operating system from the download page of their chosen distro.
Follow this guide for creating a system repair disk for Windows 7.
Follow this guide for creating a system repair disk for Windows 8.
Follow this guide for creating a system repair disk for Windows XP.
2. Create a system imageA system image creates a complete copy of disk partitions and stores them to external media such as USB drives, DVDs or external hard drives.
If Cryptolocker infects your computer you can use the system image to restore the backed up partitions to the state they were in at the point the image was taken.
Using this method obviously relies on you backing up an image regularly.
Personally I would use this in conjunction with other methods in this guide. Maybe take a system image monthly and perform normal file backups as often as required.
Everybody will have different requirements, especially for home use.
Follow this guide to create a system image using Windows 7.
Follow this guide to create a system image using Windows 8.
Follow this guide to create a system image using Windows XP.
3. Perform regular backupsIf you regularly add files to your system whether it is by creating documents, software development, photography or video capture then you should set up a regular backup routine to copy your files off onto external media.
Follow this guide to backup your files using Windows 7.
Follow this guide to backup your files using Windows 8.
Follow this guide to backup your files using Windows XP.
This guide shows a list of backup tools for Linux.
4. Use Clonezilla to create a disk imageClonezilla is a specialist Linux based operating system that enables you to create a system image of your computer.
It works in a similar way to Norton Ghost used to work and therefore if you get any nasties you should be able to recover to the point in time the last image was taken.
Here is a guide showing how to clone a drive using Clonezilla.
5. Backup your files to DropboxThe sudden realisation that all your files have been encrypted and that your children's photos are no longer accessible, your small company accounts folder is locked or your entire music collection has been rendered useless would be a sickening feeling for most people.
Services such as Dropbox enable you to synchronise your files between your computer and an online location.
This sort of service doesn't just protect you against ransomware but it protects you against disk failures, fires and burglaries.
If you do happen to get Cryptolocker then you could use a recovery disk to restore your operating system and simply synchronise back from Dropbox to your own computer.
Dropbox is free for the first 2gb and you can increase this to 16gb by referring other people.
You can get 100, 200 and 500 gb starting at $9.99 a month.
6. Backup your files to Google DriveGoogle Drive is an alternative to using Dropbox.
With Google Drive you receive 15 gb of space for free and then a further 100 gb for $4.99 a month.
7. Backup your files using Ubuntu OneRansomware has not yet become a major issue for Linux users.
Backing up your files is still a good idea however for reasons mentioned earlier such as protecting against disk failures, fires and burglary.
If you are a Ubuntu user you can backup your files to Ubuntu One. If you aren't a Ubuntu user guess what? You can also use Ubuntu One, even if you are a Windows user.
You get 5 gb data free on Ubuntu One.
For $3.99 a month you can get 20 gb storage as well as music streaming on your mobile. There is also an annual package for $39.99 a year.
8. Backup to DVDs, USB and External Hard DrivesWhen you do something on your computer such as synchronising photos from your digital camera, downloading music or creating documents you should consider whether you can afford to lose those files.
Synchronising to an external service is a great idea because it can happen automatically.
You should also consider backing up the files yourself to a blank DVD, USB drive or an external hard drive.
DVDs are sold in packs of 50 for under £10. By backing up to different DVDs regularly you lesson the impact of ransomware.
USB drives provide more space for backing up files. They are more expensive than DVDs but can be reused again and again.
External hard drives provide even more space again which is useful for backing up video files.
9. Test your recovery mediaThere is no point in doing any of the first 8 steps if you aren't going to check that the backup paths you have chosen work.
If you have gone to the effort to create a recovery disk, insert it into the drive and make sure you can boot to it.
If you have backed up to Dropbox or Google sites make sure the files aren't corrupted.
If you have backed up to DVD, USB or external hard drive try and view the files to make sure they work.
PreventionHaving a disaster recovery plan is great. If the worst should happen then you now know that you can get back all of your files and you will have saved yourself £300. (minus the cost of any services or disks that you buy).
Have you ever installed an operating system before? How confident are you that you know how to recover your operating system.
It is very easy for me to sit here and say "just insert the system image and hit restore" but for those of you who are technically challenged this probably makes your palms just as sweaty as the idea of handing your credit card details over to a known bad guy.
If you are technically challenged then you may need to factor in the cost of getting a local computer store to recover your operating system and files.
Therefore the best course of action is prevention.
10. Don't run with elevated privilegesIf you are a Windows user make sure you have more than one user account and make sure that the account you use to access the internet is just a standard user account.
The worst that can happen to a standard user is that the files in their own area are affected. You can simply destroy that user account if you so wish.
Running as an administrator is fraught with danger.
The same advice goes to Linux users as well. Don't run as root.
11. Install Antivirus softwareMost of the good antivirus service providers will have Cryptolocker in their sights and so you should be protected.
Even if you are a Linux user you should consider installing antivirus software.
Just because there have been few reports of viruses doesn't mean that it can never happen but the main reason to install antivirus software for Linux is so that you can scan any files that you plan to send to your friends, relatives and work colleagues.
That picture of a cute kitten that is harmless on your Ubuntu machine might well be riddled with viruses that destroys your company network after a dozen colleagues open it.
12. Keep antivirus software up to dateSeriously there is no point having antivirus software that has out of date virus definitions. It is like having a lock on a door and leaving the window open.
13. Have your wits about youIf your bank has anything important they need to tell you then they will never use email to do so.
If you become overdrawn you will receive a letter in the post and you can always check your online bank account.
Most banks provide information via their online bank portals.
If there is anything in that email that just doesn't look right then get rid of it.
This theory works for all major companies and government departments. They don't (or shouldn't) send out anything via email that requires you to follow links or open files.
14. Use a virtual machineNow this may seem a little overkill but you could consider using virtual machines for opening attachments in emails or for visiting sites that may be a little off the beaten track.
Windows has a virtual machines option but I would consider using Oracle's Virtualbox software.
Windows users can use a virtual machine to get their first taste of Linux.
Read my article "5 ways to try Linux without messing up Windows" for more information.
15. Use LinuxThere have been no reported cases of Ransomware taking over anyone's Linux based operating system so why not join the millions of people who have left Windows behind for a more secure way of working.
16. Never pay upAs tempting as it may seem when everything has gone wrong never ever pay the ransom.
By paying the ransom you are encouraging these people to do it again and again and again.
Unfortunately this advice can be hard to take when even a police force thinks it is a good idea to pay.
Click here to buy the eBook "From Windows To Ubuntu"