BitLocker vs CryptoLocker: Protection Guide

TL;DR

CryptoLocker encrypts your files and demands a ransom. BitLocker encrypts your entire drive, protecting everything. Use both! BitLocker is preventative, CryptoLocker is reactive. Keep backups, use strong passwords, and be careful with emails.

Understanding the Threats

1. CryptoLocker: This is a type of ransomware. It gets onto your computer (usually through email attachments or dodgy websites) and encrypts important files like documents, photos, and spreadsheets. You then get a message demanding money to unlock them.
2. BitLocker: This is a full disk encryption feature built into Windows Pro, Enterprise, and Education editions. It scrambles the entire contents of your hard drive so that it’s unreadable without a password or recovery key.

Why BitLocker Isn’t Enough on Its Own

BitLocker protects against someone physically stealing your laptop and trying to access the data. It doesn’t protect you if you let CryptoLocker onto your computer while it’s running.

• If you unlock BitLocker, CryptoLocker can still encrypt files as they are accessed.
• BitLocker protects data at rest; CryptoLocker attacks data in use.

Step-by-Step Protection Guide

1. Enable BitLocker: This is your first line of defence.
   • Press Windows key + R, type control panel and press Enter.
   • Go to System and Security > BitLocker Drive Encryption.
   • Choose the drive you want to encrypt (usually the C: drive).
   • Select how you want to unlock your drive (password or smart card – password is simpler for most users).
   • Important: Back up your recovery key! You’ll need this if you forget your password. You can save it to a Microsoft account, print it, or save it to a file.
   • Follow the on-screen instructions to complete the encryption process. This will take some time.
2. Keep Your Software Updated: Windows updates often include security patches that protect against new threats like CryptoLocker.
   • Go to Settings > Update & Security > Windows Update and check for updates regularly.
3. Be Careful with Emails: This is how most CryptoLocker infections start.
   • Never open attachments from unknown senders.
   • Don’t click links in suspicious emails, even if they appear to be from someone you know.
   • Look for spelling and grammar errors – these are often a sign of phishing emails.
4. Use Strong Passwords: A strong password makes it harder for attackers to access your computer.
   • Use a combination of uppercase and lowercase letters, numbers, and symbols.
   • Don’t use easily guessable passwords like your birthday or pet’s name.
   • Consider using a password manager to generate and store strong passwords for you.
5. Regular Backups: This is the most important step! If CryptoLocker does get onto your computer, you can restore your files from a backup without paying the ransom.
   • Back up your files to an external hard drive or cloud storage service.
   • Test your backups regularly to make sure they are working correctly.
   • Consider using the 3-2-1 rule: 3 copies of your data, on 2 different media, with 1 copy offsite.
6. Antivirus Software: A good antivirus program can detect and remove CryptoLocker before it encrypts your files.
   • Make sure your antivirus software is up to date.
   • Run regular scans of your computer.

What to Do If You Suspect a CryptoLocker Infection

1. Disconnect from the Internet: This will prevent CryptoLocker from spreading to other computers on your network and communicating with its command server.
2. Don’t Pay the Ransom: Paying the ransom doesn’t guarantee that you’ll get your files back, and it encourages attackers to continue their activities.
3. Restore Your Files from Backup: This is the best way to recover your data without paying the ransom.
4. Report the Incident: Report the incident to your local law enforcement agency and cybersecurity authorities.