Cryptolocker is malware that is actively being distributed via email attachments and botnets. It encrypts your data files and then extorts money in exchange for the decryption key needed to regain access to them.
There is a story of an accounting firm being hit with Cryptolocker: "The encryption of all of their files ten days before the 10/15 tax deadline was nearly fatal and, yes, it nailed the backups. I believe the toehold was a poisoned PDF from a client."
Another article indicates that the Massachusetts Police Department was hit with the same malware.
When activated, "It (allegedly) generates a public/private key pair, sends the private key off to the mother ship, then starts encrypting all accessible files. When it's done enough, it starts demanding money for the key to decrypt everything." In detail, "According to Steve Gibson, when CryptoLocker contacts the central server(s), the servers generate a unique (per victim) 2048-bit RSA keypair; the public key is sent from the server to the infected machine. The infected machine generates a random 256 bit AES key, which is then encrypted with the public key and sent to the server, and used locally to encrypt the ransomed files. The key stored in the infected machine's registry is the public half of the RSA key."
The malware encrypts local drives and does the same to any attached network drives and USB devices. To counter the attack, be sure to have backups of all working files, and be sure those backups are kept off-line. And of course, if a recovery is required, be sure that the malware has been eradicated first; otherwise the supposedly safe files will no longer be available.
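One way to keep an already-encrypted working set from being copied over good backups, as an added example (not from the original post or from any tool it mentions): a pre-backup scan that flags files that look encrypted. The MAGIC table, the thresholds and the function names are assumptions made for illustration, as is the premise that encrypted files keep their original names and extensions.

```python
import math
import os
from collections import Counter

# Constructed table: leading bytes expected for a few common file types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for text, close to 8.0 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path, sample=65536, min_size=4096, threshold=7.5):
    """Heuristic only: flags a file whose content no longer fits its type."""
    with open(path, "rb") as f:
        data = f.read(sample)
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is not None:
        # Compressed formats are high-entropy even when healthy, so for known
        # types check the header instead of the entropy.
        return not data.startswith(magic)
    # Unknown type: entropy is unreliable on tiny samples, so skip them.
    return len(data) >= min_size and shannon_entropy(data) >= threshold

def scan_before_backup(root, max_suspect_ratio=0.2):
    """Return (ok, suspects); ok is False when too many files look encrypted,
    meaning the backup job should stop rather than overwrite good copies."""
    total, suspects = 0, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                flagged = looks_encrypted(path)
            except OSError:
                continue  # unreadable file: neither counted nor flagged
            total += 1
            if flagged:
                suspects.append(path)
    ok = total == 0 or len(suspects) / total <= max_suspect_ratio
    return ok, sorted(suspects)
```

Run it against the working directory before each backup job and abort the job when `ok` is False; unknown compressed formats will raise false positives, so extend the MAGIC table for the file types you actually keep.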
The National Crime Agency has issued an alert: "Mass Ransomware Spamming Event Targeting UK Computer Users" which is well worth reading for its detail on distribution methods, infection methods, and methods of prevention.
A security researcher's take on the malware: CryptoLocker Crew Ratchets Up the Ransom.
That article references another web site which offers the CryptoPrevent Tool, which can be installed to help prevent CryptoLocker attacks on a Windows computer.
Be aware, the extortion amount requested by the Cryptolocker malware may be moving up from 2 bitcoins to 10 bitcoins as mentioned at CryptoLocker developer launches Decryption Service website; 10 Bitcoins for Decryption Keys.