How to keep your files safe from CryptoJoker

A new form of ransomware called CryptoJoker was discovered in January 2016. It uses the AES-256 algorithm to encrypt victims’ files and then demands a ransom for their release. CryptoJoker affects computers running Microsoft Windows operating systems.

Although CryptoJoker is not widely distributed at this time, security experts have started warning people about it. Besides using a strong encryption method, it targets 30 different types of files and deletes any shadow copies of them. As a result, victims have only two options to get their files back: recover them from a backup or give into the attackers’ demands. Even if the victims do pay the ransom, there is no guarantee the attackers will provide the decryption key and decoder needed to decrypt the files.

Since backing up files is a lot cheaper and less hassle than paying a ransom, now is the time to back up your files. There are also other measures you can take to avoid becoming a victim of CryptoJoker. To understand why those measures are important, you need to know how this ransomware works.

How CryptoJoker Works

The CryptoJoker attack usually starts with a phishing email that tries to get the recipients to open a CryptoJoker installer disguised as a PDF file. If the email recipients open that file, the installer downloads or generates the executables needed to carry out the attack.

CryptoJoker then scans the computer drives, looking for 30 different types of files, including PDF files, text files, Microsoft Word and Excel files, and image files (e.g., JPG, PNG). After encrypting those files, it appends “.crjoker” to their file extensions. For example, a file named “BusinessForecasts.docx” would become “BusinessForecasts.docx.crjoker”.

The ransomware also performs other malicious acts, all intended to make victims pay up. For instance, it deletes any shadow copies made by Windows’ Volume Shadow Copy Service so that the victims’ files cannot be recovered. Plus, CryptoJoker terminates several processes so that victims cannot run Windows Task Manager or the registry editor. Finally, it displays a popup box with the ransom note.

How to Avoid Becoming a Victim of a CryptoJoker Attack

To help prevent a CryptoJoker attack, you can take several measures:

  • Do not open any email attachments that you are not expecting. If the email is from someone you know, check with that person first before opening the attachment.
  • Do not click any links embedded in emails sent from unknown sources. Even if you know the person who sent the email, check the link before clicking it. Hover your cursor over the link to see the address of the website that you will be taken to. If the website address seems suspicious, perform an online search to see if it is associated with any cybercrimes.
  • Use anti-malware software.
  • Back up your files regularly. Although this will not prevent a CryptoJoker attack, it can mitigate the effects of one.

What should you do if you become a victim of CryptoJoker? Assuming that you have backups, you will need to first remove the ransomware from your computer and then restore your files from a backup made before the attack. These are complex processes, so you should enlist the help of MicroAge!

Get the most from your IT

As service providers to more than 300 companies, the dedicated professionals at MicroAge are second to none when it comes to managed services. By improving efficiency, cutting costs and reducing downtime, we can help you achieve your business goals!

Most commented posts

How to increase a company’s productivity with the help of the IT department

These days, information technologies offer employees greater mobility. In competitive markets that require exceptional customer service, they can not only help make the difference by…

Read More

How to control costs with good IT decisions

Good IT Decisions Today Can Lead to Great Cost Reductions Tomorrow Adopting cloud services and implementing new IT tools can save your business costs, but…

Read More

What is a Cyber Security Audit?

A cybersecurity audit is the most effective tool a business can use to assess their cybersecurity policies, procedures, and overall network effectiveness. An audit will…

Read More
IT technicians in a data center consulting a laptop

How Can External IT Support Technicians Help Your Business?

While the term “IT support technician” can be used to refer to a wide variety of different roles and responsibilities, broadly speaking, IT support technicians…

Read More

How the Internet of Things Is Changing Cybersecurity

The Internet has radically changed society over the last few decades. It will continue to shake things up in the years to come as consumers…

Read More