CryptoLocker Malware Warning

The Law Society of British Columbia has published a warning to members concerning a species of malware known as CryptoLocker Ransomware. The malware, thought to originate in Eastern Europe or Russia, infects your machine in the usual way, e.g. when you open a dodgy email attachment or other file; but then it proceeds to encrypt most of the files on your computer, eventually denying you access. The malware operators then contact you with an offer to decrypt your files if you pay a certain amount of ransom—often demanded in untraceable Bitcoin. Payment can result in the release of your encrypted files.

The BC Law Society memo contains a set of suggested practices that will help you avoid infection by this malware, which, according to some estimates, has infected upwards of 250,000 computers.

Because of the malware’s ability to spread once lodged within your computer, certain typical backup procedures are endangered. But without a backup system, of course, there is no ability to restore files should the malware operators fail to decrypt affected files. It would seem that a backup that lets you return to an earlier (and thus unencrypted) version of your files might be most useful in this context.

But prevention is obviously the best course of action. And given the high importance of the integrity files held by lawyers’s systems, it would seem not merely advisable but essential to obtain—and follow — the best professional IT advice possible about preventing the infection of your machines.


  1. David Collier-Brown

    And some law-enforcement advice about tracking the proceeds of crime: bitcoin is quite hard to trace[1], unless one wants to convert a significant amount into normal currency.

    For that, the kidnapper (data-napper?) will need to do some real-world money-laundering, in hopes of not being found by the unhappy person who paid them the (uniquely identifiable) coins.

    [1. see also