Ransomware Strains: All About CryptoLocker

By Courtney Heinbach

Preventative cybersecurity measures have become increasingly necessary as organizations around the world face rising threats. While there is, unfortunately, no foolproof way to protect against ransomware attacks, there are steps managed service providers (MSPs) can take to educate their clients about the various ransomware strains that could drastically impact business operations.

According to our annual State of the Channel Ransomware Report, MSPs report that CryptoLocker is the top ransomware variant impacting clients. Your clients’ employees may not have heard of this particular ransomware strain (or any others for that matter), so the best thing you can do is help them understand the basics.

What is CryptoLocker Ransomware?

Some of the earliest strains of ransomware can be traced back as far as the 1980s, when payment was demanded through snail mail. As ransomware has developed, most hackers now charge the ransom in cryptocurrency such as Bitcoin, or by credit card. Fortunately, with technology as it stands today, paying the ransom is not your only option when it comes to recovering your data.

CryptoLocker ransomware emerged in 2013, infecting over 250,000 devices in its first four months. CryptoLocker encrypts Windows operating system files with specific file extensions, making them inaccessible to users. Once files are encrypted, hackers threaten to delete the CryptoLocker decryption key that unlocks files unless they receive payment in a matter of days in the form of Bitcoins, CashU, Ukash, Paysafecard, MoneyPak, or pre-paid cash vouchers.

How to protect clients’ devices against CryptoLocker

For MSPs, client education is key, along with antivirus, email filtering, and other ransomware prevention tools. CryptoLocker is primarily executed via phishing emails with malicious attachments, so MSPs should prioritize educating their clients on how to identify a phishing attempt.

CryptoLocker is often executed via phishing emails mimicking Microsoft, Autodesk, FedEx, and UPS, and targets users in the US, UK, Australia, Canada, India, and across Europe and Asia.

How to identify an infection

As an MSP, you’re managing endpoints in the hundreds or even thousands. With remote monitoring and management (RMM) software like Datto RMM that has native ransomware detection, you can stay ahead of the infection with automatic notification of the presence of crypto-ransomware. From there, Datto RMM automatically isolates the impacted device and attempts to kill the ransomware infection.

How to recover from a CryptoLocker attack

Decryption tools are not always available, and even if they are, they can be slow and unreliable. The most effective way to recover from a ransomware attack of any kind is with a business continuity and disaster recovery (BCDR) solution.


For MSPs, offering your clients a reliable and proven business continuity and disaster recovery solution along with cloud-to-cloud backup and restore for SaaS applications is critical to ensure continuity of business operations with ransomware on the rise.
