Graham Cluley and the U.S. Computer Emergency Readiness Team (US-CERT) have just issued alerts about Cryptolocker, a new type of ransomware. As Mr. Cluley reports, the alert about Cryptolocker was first reported in the United Kingdom (see “Cryptolocker: What is it? And how do you protect against it?”, November 16). US-CERT issued a first warning about Cryptolocker in early November and then posted an update on November 18th (see “Cryptolocker Ransomware Infections” (TA-13-309A)).

The reports from Mr. Cluley and US-CERT provide detailed information about Cryptolocker: what it is, how it works, and how people can try to protect their computers against it. What follows is only a brief overview; consumers will want to read both reports, since their “how to protect” sections are very detailed.

Very briefly, here’s how Cryptolocker works:

  • It is a new variation on prior ransomware schemes — schemes that capture a victim’s computer and hold it hostage until a ransom is paid;
  • It is targeting computers running versions of Windows; Mac computers aren’t affected;
  • It is a “Trojan Horse” scheme as it’s spread via spammed emails;
  • The spammed emails look as if they’re coming from banks and financial institutions;
  • The spammed emails have an attachment that the recipient is told to open;
  • The computer is captured and infected once the attachment’s opened;
  • Once infected, all of the files on the computer become encrypted and can’t be opened;
  • Another message comes up demanding a ransom so the owner can get the decryption key.

What should consumers with computers running Windows do?

  • Read the reports from Mr. Cluley and US-CERT to learn more about the email formats so they don’t open the attachment;
  • Read their reports to understand the consequences either from paying or not paying the ransom;
  • Read their reports to learn how to pro-actively protect their computers, including backing up their files; and
  • Read the list of references in the US-CERT report which also includes links to Microsoft to learn more.

Cryptolocker is a major ransomware spamming scheme and consumers running Windows need to be aware, be alert and be pro-active.