CryptoLocker disguises itself as a PDF or ZIP file attached to an email. When the attachment is clicked, the virus installs itself into the user area of the Windows registry. Because this area does not require administrative access to run, the virus bypasses our regular security.
Once the malware is installed, it scans all drives attached to the user’s computer (including network drives such as department shares) and systematically encrypts the files so that they are no longer readable. The program then prompts you to pay a “ransom”, usually about $300, to get a key to decrypt the files. The funds are collected in offshore accounts and are beyond the reach of U.S. laws.
To combat the extortion, service providers are shutting down the key servers as fast as they pop up on the Internet. As a result, a user could have encrypted files, pay for a key, and still not have access to that key.