
Malware 'CryptoLocker' forces computer user to pay ransom for files


SALT LAKE CITY — Cyber security experts say it's one of the most malicious threats they've ever seen. It's malware called CryptoLocker.

CryptoLocker, which has been around for a couple of weeks, invades computers worldwide and encrypts personal and business files, then demands a ransom to unlock them. Many people are paying.

"This is the ugliest thing I've ever seen," said Kathryn Linford with Stratus I.T. Group. "And I've been in computers since 1995."

What makes CryptoLocker so serious? Linford said once your computer is infected, you can get rid of the malware but you cannot fix the damage unless you pay.

"The only thing you can do is pay the ransom to get it back," she said.

Here's how CryptoLocker works: First, it locks you out of personal files, such as spreadsheets, music, and photos, by encrypting them using the same systems banks use. Then, a warning pops up saying if you want access to those files again you'll need a decryption key, which costs $300. It gives you 72 hours to pay up.

If you don't pay, the cyber criminals will destroy the key and you'll never regain access to your own stuff.

"This is a game changer. This is going to change viruses. This is going to change malware," Linford said.

If you can't pay up in the 72 hours and you still need your files, they're willing to give you more time. But it will cost you.


"Your ransom goes from two bitcoins to 10," Linford explained.

These criminals want to be paid in the unregulated and anonymous virtual currency known as Bitcoin. Ten bitcoins will set you back at least $2,000 right now.

"There are some people paying the money and not getting their files back," Linford said.

CryptoLocker disguises itself as a bogus document from a legitimate business, like FedEx or UPS.

To protect yourself, the experts have the same advice you've heard before.

"The best thing we can recommend is not clicking on links," Linford said.

Also, have up-to-date security software and back up your files regularly. And because CryptoLocker will affect any drive connected to your computer, disconnect your backup until the next time you need to access it.



Bill Gephardt

