My CryptoLocker cleanup story


There is a particularly worrying piece of malware doing the rounds called ‘CryptoLocker’ – it’s in the ‘Ransomware’ category and sets the standard for what we should expect going forward with malware.
CryptoLocker infects your machine, encrypts your files and then demands a $300 ransom, hence ‘Ransomware’.
The really nasty thing is that not only does it infect and render your local files useless, it also reaches out to any network shares the infected user has access to and encrypts those files too, turning documents into nothing more than a messy goop!

This post focuses on the symptoms of infection in a client/server scenario, finding the infected workstation through its behaviour with network shares, and cleaning up the resultant mess. We considered the workstation disposable and restored a clean system image to it; we didn’t spend any time trying to remove it – there are plenty of resources on the web that cover removal.
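As an added example (not part of the original post), here is a small triage script for the “messy goop” symptom described above: it walks a mounted share and lists recently modified files whose contents look like random noise, which is what encrypted documents look like. The entropy threshold and the 24-hour window are assumptions to tune for your own environment.

```python
import math
import os
import time
from collections import Counter

# Byte entropy close to the 8.0 maximum is typical of encrypted or compressed
# data; ordinary Office documents and text score well below it. The threshold
# is an assumption, tune it for your environment.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of a byte string (0.0 for empty)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_encrypted(path: str, sample_size: int = 65536) -> bool:
    """Read the head of the file and flag it if its bytes look like noise."""
    with open(path, "rb") as fh:
        return shannon_entropy(fh.read(sample_size)) >= ENTROPY_THRESHOLD


def find_suspect_files(root: str, max_age_seconds: int = 24 * 3600) -> list:
    """Walk a share (or any directory) and return recently modified,
    high-entropy files sorted by modification time. A burst of such files
    across many folders is the symptom a ransomware infection leaves behind."""
    cutoff = time.time() - max_age_seconds
    suspects = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if st.st_mtime < cutoff or st.st_size == 0:
                continue
            if looks_encrypted(path):
                suspects.append((st.st_mtime, path))
    return [p for _, p in sorted(suspects)]


if __name__ == "__main__":
    import sys
    for p in find_suspect_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(p)
```

Run it against the share root; the earliest entries in the list point at where the encryption started, and the file owner of those entries usually names the infected user.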

