Randsomwear – security steps for home users

Cryptolocker and Cryptowall are trojan malware which target Windows computers. Once infected, your data will be encrypted and you will need to pay a randsom in bitcoins to get the decryption key.

The malware uses social media or email as attack vectors, and users will see a message purported to be from FedEx, UPS, etc. with a tracking notice. The enticement for a user (especially a business who ships things using these carriers) is that it is legit and they open it. Boom. They are now infected.

The bad news: once infected, you are screwed. Either have a backup, pay or lose your data. The good news: there is honour among thieves. If you pay, your data will [likely] be restored. It is part of their business model to make sure you know it is worth it to pay (this according to The New York Times).

A lot of the advice on the net points to the Cryptolocker Prevention Kit which is for system administrators and will be confusing to home users.

So here are some quick and dirty steps for the average user to reduce the chance of infection:

1. Backup your data. Duh. Use a service like carbonite or dropbox.
2. Don’t just click attachments in emails – confirm they are safe first. Is the email from a trusted source? What kind of file is it? Do NOT click .exe or .bat files. Many email services filter these out by default (eg Gmail) but if you are getting your email through a company server or local ISP, you have to be your own security officer.
3. Have good security software. Ie anti-virus, malware detection, firewall, etc. It is beyond the scope of this post to explain those but you may find this info useful.
4. Keep your software up to date. Try Filehippo if you find this difficult.
5. Last, but certainly not least, run CryptoPrevent which has been specifically designed for home users but will work on all versions of Windows. This will simplify all the advice around on changing group policy and creating the Software Policy Restrictions recommended.