Cryptolocker – Cryptowall

What is Cryptolocker?

Cryptolocker and its main variant, Cryptowall, are relatively new malware / ransomware strains designed to extract funds from users of infected computers and computer networks. Cryptolocker’s current main attack vector is email containing an infected link or zip file. Clicking on the link or trying to open the zip file typically results in many forms of office files and databases becoming encrypted and therefore unusable. Cryptolocker typically encrypts data on the infected machine’s local hard drive (C: drive) and connected external drives, followed by any attached network drives that may be mapped on the user’s computer and to which the user may have access.

Mitigation

Direct actions taken by users (such as clicking on links or running files) will bypass any available anti-virus software. This means that your vigilance is the best defence.

Recovery

Workstation recovery is usually achieved by formatting the machine’s local hard drive and reinstalling the operating system and applications. The workstation may be recovered from backup should a valid backup exist.
Server recovery may be as per workstation recovery when the server is accessed locally, or files may be restored from a valid backup when server shared data is encrypted by an infected workstation.

In some cases it may be possible to use a decryption tool to recover data or, alternatively, to pay the requested ransom to have the encryption key sent, which may then be used to recover the encrypted data. Of course, there is no guarantee that either of these methods will work.

The most reliable method of recovery is from a valid backup stored on a machine with no direct connection to the infected host.

Note that the most prevalent current form of attack is via bogus email purporting to be from Australia Post. Delete these emails immediately and contact Australia Post by phone should you have business dealings with this company.

More info from Krebs Security.
