How to Use CSSB to Recover from CryptoLocker and Other Ransomware

  • This article is for Windows only

Summary:

CryptoLocker is a virus that essentially holds your files hostage and demands a ransom to get them back. There is no guarantee that paying the ransom will unlock the files. CryptoLocker, its variants, and other ransomware are completely illegitimate. They encrypt your files without your permission, making them inaccessible until they are decrypted. Only CryptoLocker has access to the keys required to decrypt the files it encrypts.

However, CryptoLocker (and other similar ransomware) can easily be defeated with CSSB by restoring the files from a backup taken before the system was infected.

The concept of holding items or people for ransom has an unfortunately rich and deep criminal history. In this digital age, the idea has been extended to the files on your computers, servers, and gadgets. CryptoLocker is, to date, one of the most efficient pieces of ransomware ever made. It's simple and devious.

The original version of CryptoLocker does the following:

  1. Silently infects your machine(s).
  2. Begins encrypting your files, including those on network shares.
  3. Displays a notification demanding money to decrypt your files. This demand only appears after encryption is complete.
  4. Places a time limit on how long you have to pay.
  5. Deletes itself, but does not decrypt your files.

The original CryptoLocker targets Office documents, pictures, and other files that are typically associated with content and not necessarily those required to run various programs and applications. For example, infected users can still load Microsoft Word, but they cannot open their Word documents.

No antivirus product (or any other product, for that matter) will be able to decrypt your files once they are encrypted.

Once your files are encrypted, your options are very limited. The encrypted files cannot be decrypted without CryptoLocker. Re-infecting yourself does not reset the timer. If you do not pay, your files are permanently locked.

In most cases, only two options are available: restore unencrypted files from a backup, or lose the files forever.

Restoring With CSSB

Restoring older versions of files is simple with Carbonite Safe Server Backup. CSSB will try to restore from local backups first and will fall back to restoring from the cloud if there aren't any local backups available.

Most CryptoLocker variants do not target the types of files that CSSB creates for backup, but even if your local backups are damaged, your cloud backups are safe and sound.

Solution:

Follow the steps below to restore with CSSB:

  1. Navigate to the Restore page and select the backup set you wish to restore.
  2. By default, all files from your most recent backup will be selected for restore.
    • Use the Select items in this backup set option if you wish to restore just some files.
    • Use the Browse or Search options if you wish to restore just a single file or folder.
  3. Click the link for Select a different backup run to choose from a date and time before you were infected.
  4. Review your restore settings. Here, you can choose where the files will be restored and how to handle restoring files that already exist (among other options).
  5. Click Continue and confirm your choices when asked to do so.
  6. Click Start My Restore to start the restore process.
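Step 3 depends on knowing when encryption began. The Python below is an added example, not Carbonite's code or part of CSSB: it flags Office, PDF and picture files whose leading bytes no longer match their extension, then returns the latest backup run time that precedes the earliest such file's modification time. It assumes encrypted files keep their original names and that you enter the run times shown on the Restore page yourself; the function names and sample data are constructed for illustration.

```python
import os
import tempfile
from datetime import datetime

# Well-known leading bytes for common document and picture types.
ZIP = b"PK\x03\x04"  # .docx/.xlsx/.pptx are ZIP containers
MAGIC = {".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP,
         ".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG"}

def header_mismatches(root):
    """Return (path, mtime) for files whose header no longer matches the extension."""
    hits = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            expected = MAGIC.get(os.path.splitext(name)[1].lower())
            if expected is None:
                continue  # type not covered by this check
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(expected))
                mtime = datetime.fromtimestamp(os.path.getmtime(path))
            except OSError:
                continue  # unreadable file: skip rather than guess
            if head != expected:
                hits.append((path, mtime))
    return hits

def pick_backup_run(backup_runs, hits):
    """Latest backup run strictly before the earliest damaged file's mtime."""
    if not hits:
        return None  # nothing looks encrypted, so there is no cutoff
    cutoff = min(mtime for _path, mtime in hits)
    earlier = [run for run in backup_runs if run < cutoff]
    return max(earlier) if earlier else None

def demo():
    # Constructed sample: a.docx intact, b.pdf overwritten with non-PDF bytes.
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("a.docx", ZIP + b"body"), ("b.pdf", b"\x13\x37\xaa\x55")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        hit = datetime(2024, 3, 5, 14, 0).timestamp()
        os.utime(os.path.join(root, "b.pdf"), (hit, hit))
        runs = [datetime(2024, 3, d, 1, 0) for d in (3, 4, 5, 6)]  # constructed
        hits = header_mismatches(root)
        return [os.path.basename(p) for p, _ in hits], pick_backup_run(runs, hits)

if __name__ == "__main__":
    print(demo())
```

A file's modification time marks when encryption reached that file, not when the machine was infected, so treat the result as the latest candidate and move to an earlier run if restored files turn out to be encrypted.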

Once the restore has been started, simply sit back and wait. CSSB will restore your files in the condition they were in before being infected. You can be back up and running in a short time, without paying a ransom, and with minimal interruption.