CryptoLocker and CryptoWall are ransomware Trojan which targets Windows operating systems. It’s been around for a few years now and is generally distributed through email attachments. Once activated, CryptoLocker encrypts the user’s data and demands a payment through bitcoins or pre-paid cash vouchers. If the payment is not made, the malware deletes the user’s data. But should you pay the ransom, or run the risk?
Other types of file encrypting malware can be easy to unlock your data without paying up. However with CryptoLocker, it is simply not that easy even if you are pretty good with computers. The only way to get your data back for sure is to pay the cyber criminals for the key to unlock your file. Having said this, there have been a few reports whereby the key hasn’t worked anyway. These are few and far between and if you think about it, cyber criminals won’t make anything if word gets out that payment of ransoms are not delivering user’s data! With typical ransoms upwards of £200GBP, only you can put a value on your data.
One argument for not paying ransoms is that users are afraid criminals will come back for further payments. Remember though that your files have not been stolen, they are still on your computer even if they are scrambled. The cyber-criminals do not have copies of your data, so they are unable to return with further demands once you have decrypted your data. As long as you take precautionary measures to avoid further infections and remove the malware files, in theory you are safe!
So should I pay or can the data be recovered? The data may well be recoverable, but often decryption can be notoriously long and expensive. Identifying the decryption keys is a little like ‘throwing mud at a wall’. Data recovery is simply a matter of running through all the possible key combinations, which can be billions of variables. Having said this there are now tools available which make decrypting the malware somewhat easier. Free online utilities like CrashPlan and DecryptCryptoLocker are worth pursuing before thinking about engaging data recovery specialists. DecryptCryptoLocker simply allows you to upload an infected file and emails you back a recovery program.
So before you pay a ransom or engage a data recovery expert, try one of these free online utilities. If this doesn’t work, getting your data back is going to cost you one way or the other!