Can CryptoLocker Infect Shared Drives, Files, PCs?

Infopackets Reader Michael C. writes:

" Dear Dennis,

I have a USB drive attached to my router. This drive is shared by several computers through the router on my home private network. My question is: if one of my computers became infected by a file locking virus such as CryptoLocker, would the network drive or the connected computers become infected or encrypted? If so, is there a way to prevent this? "

My Response:

It is possible for a virus to self replicate and infect other computers on the network, but that depends on the type of virus. At the time of writing, CryptoLocker is not a self replicating virus -- meaning it will not seek out and infect other computers on the network.

That said, viruses like CryptoLocker will scan the local hard drive as well as remote shares -- including your USB drive attached to the router -- in order to encrypt any and all files the virus has read / write access to. In other words: if a computer on your network becomes infected with CryptoLocker AND your network drive is accessible on that computer AND the network drive has read / write access, then the network drive can become encrypted.

How to Prevent Network Drives from being Encrypted

You can prevent network drives from becoming encrypted by CryptoLocker or any other file encryption virus by setting the shared resource (network drive) as having read only access. By doing so, all shared files will remain protected from unauthorized changes. There is a major caveat to read only access, however: you will also not be able to make changes to any files, such as modifying a document, for example.

Nonetheless, instructions on setting a shared resource as read only vary by device; in your case, that setting is most likely adjustable via your router's administration control panel (usually accessible via the web browser). If you use Windows to share a folder or drive on your network, you can right click the folder or drive on the host computer, go to the Sharing tab, and then change the permissions to read only access for Everyone.

What to Do if You've Become Infected with an Encryption Virus

The general rule of thumb is: don't pay the ransom to decrypt your files. Some 'infections' are nothing more than scareware designed to dupe you into paying out a ransom. Others, like CryptoLocker are the real deal and will in fact encrypt your files. You can try and remove the virus (depending on which virus you are infected with) by scanning your hard drive from a clean environment. I've written a step-by-step article on how to try and remove viruses like CryptoLocker if you've been infected.

How to Prevent Infections of CryptoLocker and Similar

You can protect yourself from file encryption viruses by making backups on a regular basis and by keeping your antivirus up to date with real-time scanning enabled. If your computer becomes infected despite the antivirus protection, you can revert your files by restoring a backup. Disk image backups are by far the most robust backup as they will protect your operating system as well as personal files. It's important to backup your operating system, too, as the virus propagates or encrypts its files through the operating system. Simply restoring your personal files from a backup won't rid you of the infection; however, reverting both your operating system and personal files will remove the infection completely.

Additional Support: From Dennis

If you need additional support in setting up a robust backup or help with setting your shared network drive as read only, I am able to assist you over remote desktop support. Simply contact me using the contact form and we'll set up a time to meet and discuss your options.

Got a Computer Question or Problem? Ask Dennis!

I need more computer questions. If you have a computer question -- or even a computer problem that needs fixing -- please email me with your question so that I can write more articles like this one. I can't promise I'll respond to all the messages I receive (depending on the volume), but I'll do my best.

About the author: Dennis Faas is the owner and operator of Infopackets.com. With over 30 years of computing experience, Dennis' areas of expertise are a broad range and include PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelors degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security. If you like the advice you received on this page, please up-vote / Like this page and share it with friends. For technical support inquiries, Dennis can be reached via Live chat online this site using the Zopim Chat service (currently located at the bottom left of the screen); optionally, you can contact Dennis through the website contact form.