On Monday morning, I got a call from one of our Executives telling me that his home computer was displaying a strange message and asking for some assistance. I asked what was displaying on the screen and he responded, “It’s asking for me to pay them money to get my files”. After listening to Steve Gibson’s and Leo Laporte’s Security Now podcast from last Wednesday (#427: A Newsy Week), I dreaded the answer to my next question.

“Please read me what it says on the screen,” I asked. He responded with, “Your personal files are encrypted! Your important files encryption produced on this computer…”, oh no… My Executive’s personal home computer had been infected with Cryptolocker. This is what the screen looked like (pardon the poor quality, these are camera phone shots):

I knew what I was facing because of Steve’s excellent description of the problem. I also knew we probably needed to pay the ransom to get my Executive’s personal files restored. However, I wanted to get more information about protecting our Enterprise, as well as more information on how the decryption and payment operated. I found a really good and thorough discussion of the Cryptolocker infection on . They do a great job breaking down a lot of the information and providing some resources for Enterprises to combat the virus. They also have a VERY active support forum with over 85 pages of updates including over 1200 posts dating back to September 6, 2013. So, I absorbed a lot of that information and set my team to work. I also sent someone over to my Executive’s home to work with him on recovery. The rest of this post is what we’ve done and our plans for the future.

Each computer’s infection has a Command / Control server that holds the public (and private) keys that were used to transmit the actual encryption key used to encrypt your files. This server’s operation is critical to the successful recovery of your personal (or business) files. So if it goes offline (or is taken offline) before you can pay the ransom, the key is lost. If you try to work around the infection, you risk the client telling the server to delete the key. The Command / Control server is one of many that the software uses; the one for this infection was “ ” and is presented on an information screen by the infection. Knowing that the Malware could get removed by anti-malware software, they provide a download link to the De(en)cryption software, so you can reinstall it.