Some advice from TrendLabs on avoiding CryptoLocker:
An infection with CryptoLocker starts as a spam email which carries a Trojan (a downloader). The spam might promise a ‘free way to unlock software’; its success depends on the social engineering lures used in the spam message and how people respond to it.
These are the safe computing practices to consider when opening emails and file attachments:
- Always check who the email sender is. If the email is supposedly coming from a bank, verify with your bank if the received message is legitimate. If from a personal contact, confirm if they sent the message. Do not rely solely on trust by virtue of relationship, as your friend or family member may be a victim of spammers as well.
- Double-check the content of the message. There may be obvious factual errors, spelling mistakes or discrepancies that you can spot. There may be a claim from a bank or a friend that they have received something from you (go to your recently sent items to double-check their claim).
- Refrain from clicking links in email. In general, clicking on links in email should be avoided. It is safer to visit any site mentioned in email directly. If you have to click on a link in email, make sure your browser uses web reputation to check the link.
- Always ensure your software is up-to-date. Regularly updating installed software provides another layer of security against many attacks.
- Back up important data. Unfortunately, there is no known tool to decrypt the files encrypted by CryptoLocker. One good safe computing practice is to ensure you have accurate back-ups of your files. The 3-2-1 principle should be in play: three copies, two different media, one separate location.
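
One way to check the 3-2-1 principle and the "accurate back-ups" point together, as an added example that is not from TrendLabs: only copies whose SHA-256 matches the original are counted. The names `Copy`, `check_321` and `make_sample`, the media and site labels, and the choice to count the original as one of the three copies are assumptions made for this sketch.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path

@dataclass(frozen=True)
class Copy:
    path: Path   # where this copy lives
    media: str   # assumed label: "internal-disk", "usb-disk", "cloud"
    site: str    # assumed label: "home", "offsite"

def sha256_file(path, chunk=1 << 20):
    # Hash in chunks so large backups need not fit in memory.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_321(copies, primary_site):
    """copies[0] is the working original and counts toward the 3 (assumption)."""
    reference = sha256_file(copies[0].path)
    good, findings = [], []
    for c in copies:
        if c.path.is_file() and sha256_file(c.path) == reference:
            good.append(c)  # only byte-identical copies count as accurate
        else:
            findings.append(f"missing or differs from original: {c.path.name}")
    if len(good) < 3:
        findings.append(f"only {len(good)} accurate copies, need 3")
    if len({c.media for c in good}) < 2:
        findings.append("accurate copies span fewer than 2 media")
    if all(c.site == primary_site for c in good):
        findings.append("no accurate copy outside the primary location")
    return (not findings, findings)

def make_sample(root, stale_offsite=False):
    # Constructed sample data: one original plus two backups under root.
    spec = [("orig.doc", "internal-disk", "home"), ("usb.doc", "usb-disk", "home"),
            ("cloud.doc", "cloud", "offsite")]
    copies = [Copy(Path(root) / n, m, s) for n, m, s in spec]
    for c in copies:
        c.path.write_bytes(b"quarterly report v2")
    if stale_offsite:
        copies[2].path.write_bytes(b"quarterly report v1")
    return copies

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(check_321(make_sample(d, stale_offsite=True), "home"))
```

A mismatch only says that a copy and the original differ; it does not say which of the two is the good one, so investigate before overwriting either.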