Maybe setup a virtual machine for surfing and reading email.

Is there a relatively easy way to do this?

Depends on the value of "easy" involved.

https://www.virtualbox.org/ is a free and very easy virtualization program.

There are a number of Linux-based LiveCDs which can be used to run in it, very easily. Knoppix used to be the best known: http://www.knopper.net/knoppix/index-en.html

Many instructions on running a LiveCD in Virtualbox out there, here's the first relatively friendly one I can find, there are probably better out ther:
http://www.kombitz.com/2009/10/16/ho...on-virtualbox/

I received a very timely email today from Webroot. I must have had their software many years ago. [Please note: I do not work for this or any other software or hardware company. I am merely sharing this information.]

It refers me to a page headlined CryptoLocker Malware: What you still need to know.

Here is the point of interest to this thread:
Reactions? Thoughts?

And now for the bad news:
Would you buy this?

I wonder if they put a control file on your computer to back out the encryption key in the event of an infection.

To be fair the problem is not that Outlook doesn't show file extensions (it does) but that Windows Explorer by default does not.

You'd see the file was a .zip in Outlook, then download it and extract it. Then looking at it in Explorer, you would not see that the extension was .exe rather than .pdf (unless you had specifically unhidden file extensions).

This is a rather nasty bit of malware though, quite malicious.

I used to use their product "Spy Sweeper"; some of the changes to their licensing and functionality turned me off, and I stopped using it. As this was all on XP pre-Vista, and thus 7+ years ago, I don't remember what the deal was.

There are a number of journaling local backup products; it sounds like roughly what they're offering.

I know a couple of people who used to swear by Norton GoBack, but it's no longer sold and was never updated for Windows 7. Some discussion of newer ones: I think I've heard of "Rollback RX." http://community.spiceworks.com/topi...windows-7-or-8

One of the very first things I do with a new computer is turn on extensions in Windows Explorer.

Yes. Ditto showing hidden files.

Both are very bad defaults, and fixing them is something I'll do within a few minutes of sitting down at a machine (even someone else's.)

Absolutely on hidden files. Agree. Should have mentioned.

I can mildly sort of understand why MS would default to not showing hidden files, but never did understand the justification for thinking "regular" users should default to not seeing the actual file name and extension.

The justification was that back in 1995, Macs didn't have file extensions, and it was seen as a more user friendly solution -- despite being annoying on old Macs.

And CryptoLocker will just as quickly encrypt your USB hard drives. And mapped network drives.

Not to mention an external hard drive might safeguard against drive failure, but not physical disasters such as your house burning down.

So truly enlightened Earthlings will have a fairly more robust backup system. ;)

IMHO, this is really the Right Answer.

Unfortunately, making backups is one of those lessons that most (if not all) human beings have to learn the hard way, through the painful, repeated loss of data that they care about. When people tell me that they have lost their phone and need my number again, that tells me that not only have they not backed up their phone, but they probably aren't backing up their laptop or desktop, either, and I can expect a call from them when their hard drive eventually fails.

Due to my interest in computers at a very young age, I learned this lesson decades ago (anyone remember cassette tape storage?) and have developed a multi-tiered system of backups which ensure that no single loss is catastrophic. (For example, most of my important data exists in 3 or 4 different physical locations not all connected via a network.) There's no way to prevent all loss, but I figure that if a meteor takes out the entire western seaboard, I'll have bigger problems.

No, it's not easy, and it's not simple. But backing up the data you value is the best way to guard against not only ransomware, but against a lot of other stuff that can happen to your data. I just wish there were a way to get folks to learn from the mistakes of others instead of learning it the hard way, as I had to do.

here is a link to a youtube video explaining what Crypto locker is by the host of Security Now on the twit network: https://www.youtube.com/watch?v=qBXrncdEifo

Perhaps. I wasn't suggesting USB external drives as the ideal solution. I was rebutting the OP's argument that most people don't perform daily backups because it's too expensive and/or too much work.

My backup solution is certainly a little more complex. I work out of a remote office where I manage and maintain several physical PC and laptops, as well as a dozen or so virtual machines. Thus USB drive backups aren't practical for my architecture for several reasons.

I use MS Server 2012 Essentials to backup all client machines (physical and virtual) daily to mirrored drives on the server. The mirrored drives on the server are periodically backed up to an additional drive on the server, which is periodically swapped with another drive stored off-site. This solution also supports automatic backup to Microsoft's cloud, but I'm not currently using it. Once I set the system up my only incremental effort is to periodically swap the server backup drive with it's off-site partner.

Is that enlightened enough? This is an open invitation to all to suggest improvements or alternatives if you see any holes in my strategy.

Amen. Been there. Done that. Lesson learned.