CryptoLocker malware – how to recover your data.
This week there has been extensive coverage in the media regarding the CryptoLocker malware. Finally, it seems that progress has been made in halting the network that distributes the malware. For many people, this will have been the first time that they have been made aware of such malware.
CDR has written about this previously, as we receive HDDs that have been affected, and in some cases we can recover the data successfully. The first case we received for data recovery was in January 2013. It was a different variant, which used WinRAR to encrypt the data and add a password, and then securely deleted the original data. This particular version would request as much as $5000 USD to be sent to a Liberty Reserve account.
Should I pay the ransom?
If your data has been encrypted by either type of malware, CDR can confirm that there is no way to decrypt the data. For many, paying the ransom fee has not resulted in receiving their data back. It is, however, possible to recover data from your hard disk drive without having to decrypt the malware-affected files. This involves making use of the Volume Shadow Copy Service (VSS). If you become aware that your computer has been affected by the malware, it is important that you turn your computer off immediately and do not power it back on. Please contact us for advice if you have been subject to a malware attack resulting in data loss.