The CryptoLocker virus infects your computer and quickly encrypts all of your files, so that you can no longer open them under any circumstances unless they are first decrypted. Once the encryption is complete, the criminals who developed the system offer you access to a sophisticated process that might decrypt your files for you, at a price (paid in Bitcoin).
How much failure do your systems have to suffer for you to wind up in such a bad situation? To bake the festering, poo-filled pie that is a full-on cryptolocker infection, you'll need many ingredients.
Ingredient 1: You'll need an email server willing to send you infected executable attachments.
It is either a very bold, or very uninformed, or very oblivious business administrator that still allows their email server to deliver executable attachments in any form. It has been advised for decades to block these attachments.
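A gateway-side check of the kind the post is asking for, as an added illustration (not code from the original post): it parses a message, flags attachments both by extension and by the "MZ" header that marks a Windows executable regardless of its name, and looks inside ZIP archives, because a bare extension filter never sees what an archive contains. The blocked-extension list, the size and nesting limits, and the sample message are constructed for this example.

```python
"""Gateway-side check for executable attachments, including ones nested in ZIP files."""
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions a mail gateway should not deliver to end users (constructed list, not exhaustive).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".msi", ".dll"}
MAX_MEMBER_BYTES = 50 * 1024 * 1024   # refuse to inflate oversized archive members
MAX_DEPTH = 2                         # archives nested deeper than this are flagged, not opened


def is_pe_executable(data: bytes) -> bool:
    """Windows executables begin with the 'MZ' DOS header, whatever the file is called."""
    return data[:2] == b"MZ"


def suspicious_reasons(filename: str, data: bytes, depth: int = 0) -> list[str]:
    """Return why an attachment should be blocked; an empty list means it looked fine."""
    name = (filename or "<unnamed>").lower()
    reasons = []
    if any(name.endswith(ext) for ext in BLOCKED_EXTENSIONS):
        reasons.append(f"blocked extension: {name}")
    if is_pe_executable(data):
        reasons.append(f"PE header in {name}")
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= MAX_DEPTH:
            reasons.append(f"archive nested too deep: {name}")
            return reasons
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if info.file_size > MAX_MEMBER_BYTES:
                    reasons.append(f"oversized member {info.filename} in {name}")
                    continue
                try:
                    inner = zf.read(info)
                except RuntimeError:
                    # Password-protected member: cannot be inspected, so treat it as suspect.
                    reasons.append(f"encrypted member {info.filename} in {name}")
                    continue
                for r in suspicious_reasons(info.filename, inner, depth + 1):
                    reasons.append(f"in {name}: {r}")
    return reasons


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Map each offending attachment's filename to the reasons it was flagged."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        reasons = suspicious_reasons(filename, data)
        if reasons:
            findings[filename] = reasons
    return findings


def build_sample_message() -> bytes:
    """Constructed test message: a disguised executable, a ZIP hiding one, and a benign PDF."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    fake_pe = b"MZ" + b"\x00" * 62        # just the header bytes, not a working program
    msg.add_attachment(fake_pe, maintype="application", subtype="octet-stream",
                       filename="Invoice.pdf.exe")
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("statement.scr", fake_pe)
    msg.add_attachment(zbuf.getvalue(), maintype="application", subtype="zip",
                       filename="statement.zip")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return bytes(msg)


if __name__ == "__main__":
    for name, why in scan_message(build_sample_message()).items():
        print(name, "->", "; ".join(why))
```

Checking the content as well as the name matters: a double extension like `Invoice.pdf.exe` is caught by the list, but a renamed executable is only caught by the header check.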
Ingredient 2: Your perimeter security solution will have to totally fail to spot the incoming threat.
The device providing security at the edge of your network (for most people, this is what they know as their firewall) will either have to have no antivirus capability (many don't), or will have to get outmaneuvered by the bad guys who will sneak the file into your network undetected.
Ingredient 3: Your desktop security solution will have to totally fail.
Your computer's antivirus software would not only have to fail to recognize the incoming infected email attachment as a threat, but it would also have to fail to prevent you from running the infected program, and then it would have to fail to prevent that program from using your computer to contact the bad guys and complete the payload. Your antivirus would have to fail on both the incoming and the outgoing side.
Ingredient 4: Your user education program will have to be proven completely ineffective.
You will have told your email users not to open attachments that they weren't expecting. Your users will have to completely ignore your instruction, for some reason.
Ingredient 5: Your perimeter security solution will have to totally fail, a second time.
Your intrusion prevention system, which is sometimes an independent system but is sometimes running in your firewall (if it exists at all), will have to somehow miss the virus loudly and constantly calling out to Russia or China or wherever the bad guys are, and it will have to allow those messages to go through unmolested.
Ingredient 6: Your backup solution will have to totally fail.
Once your files are encrypted, your only choice is to restore them from backup. Synchronized cloud storage is not backup - all your crapified data will just synchronize to the cloud, and you'll just have a crapified cloud. The actual historical copies of your impacted data will have to, for some reason, be totally missing or unusable for the poo pie of cryptolocker to be fully baked.
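The difference between synchronization and backup in code, as an added example that is not part of the original post: a mirror keeps only the latest copy of each file, so damage syncs straight up, while a content-addressed snapshot store keeps every version it has seen and can hand back the day-1 copy. File names, contents and the `SCRAMBLED` placeholder are constructed; no real encryption is performed.

```python
"""Why synchronized storage is not a backup: a mirror holds only the newest copy,
while a snapshot store keeps history."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

ORIGINAL = b"Q3 figures: revenue up 4%"          # constructed file content
SCRAMBLED = b"\x9f\x11 unreadable placeholder"   # stands in for a damaged file; not cipher output


class MirrorSync:
    """Models sync-and-share storage: whatever the source folder holds now is what the cloud has."""
    def __init__(self, dest):
        self.dest = Path(dest)
        self.dest.mkdir(parents=True, exist_ok=True)

    def sync(self, src_dir):
        for p in Path(src_dir).iterdir():
            shutil.copy2(p, self.dest / p.name)   # overwrites the only copy

    def read(self, name):
        return (self.dest / name).read_bytes()


class SnapshotStore:
    """Content-addressed snapshots: each run writes a manifest; unchanged blobs are shared."""
    def __init__(self, dest):
        self.dest = Path(dest)
        self.objects = self.dest / "objects"
        self.objects.mkdir(parents=True, exist_ok=True)

    def snapshot(self, src_dir, label):
        manifest = {}
        for p in sorted(Path(src_dir).iterdir()):
            data = p.read_bytes()
            digest = hashlib.sha256(data).hexdigest()
            blob = self.objects / digest
            if not blob.exists():
                blob.write_bytes(data)        # a new version never overwrites an old blob
            manifest[p.name] = digest
        (self.dest / f"{label}.json").write_text(json.dumps(manifest))

    def labels(self):
        return sorted(p.stem for p in self.dest.glob("*.json"))

    def restore(self, label, name):
        manifest = json.loads((self.dest / f"{label}.json").read_text())
        return (self.objects / manifest[name]).read_bytes()


def run_scenario():
    """Day 1: protect a healthy file. Day 2: the file is scrambled and protection runs again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "documents"
        src.mkdir()
        report = src / "report.docx"
        report.write_bytes(ORIGINAL)

        mirror = MirrorSync(root / "cloud")
        store = SnapshotStore(root / "backup")
        mirror.sync(src)
        store.snapshot(src, "day1")

        report.write_bytes(SCRAMBLED)          # simulated damage: contents replaced, name kept
        mirror.sync(src)
        store.snapshot(src, "day2")

        return {
            "mirror": mirror.read("report.docx"),
            "snapshot_day2": store.restore("day2", "report.docx"),
            "snapshot_day1": store.restore("day1", "report.docx"),
            "labels": store.labels(),
        }


if __name__ == "__main__":
    outcome = run_scenario()
    print("mirror still holds the original:", outcome["mirror"] == ORIGINAL)
    print("day1 snapshot holds the original:", outcome["snapshot_day1"] == ORIGINAL)
```

The snapshot store only helps if the infected machine cannot write to it: a backup target mounted as an ordinary drive is just another folder full of files to encrypt, which is one way the "historical copies" end up missing or unusable.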
It is only after the efficacy of all these apparently formidable systems has just completely evaporated that you will be left with the prospect of paying criminals for the chance to regain access to your data. Enough people are choosing this route that technologists are looking back on the days when viruses simply made it hard to use your computer with some nostalgia. Why would future viruses merely inconvenience people when they can be used instead to safely extort thousands of dollars from them? People are paying the ransom.
And it won't be the last time they'll pay.