What is it?

Cryptolocker/Cryptowall is ransomware targeting Microsoft Windows devices. This trojan selectively encrypts your data. Once encrypted, your data is held for ransom by the attacker (who holds the key).

How does it work?

The trojan is commonly delivered through spear phishing. Once installed, it contacts the attacker's command-and-control (C&C) infrastructure to register and generate a new set of keys. The public key is then sent back to your device, and the trojan starts looking for documents, photos and other data to encrypt. You are then presented with a ransom note threatening to destroy the private key (which is in the attacker's possession) unless you pay.

Should I be worried?

Yes. This is a very profitable crime. If your device is infected and your data gets encrypted with the attacker's key, it is very difficult – if not impossible – to decrypt without the private key.

How can I prevent it?

Back up your data regularly. Watch out for spear phishing. Use dynamic network blocking to prevent infections and to disrupt communications with the attacker's infrastructure.
