CryptoLocker Virus Warning

I have noticed a significant rise in the amount of viruses over the last 6 months or so.  Not just the number of infected machines but in the depth of the infections.  I used to see machines that would have maybe a dozen or so infected items such as files, registry entries, programs, or other items.  Recently I have been seeing machines with 500 to 750 infected items.

But that pales in comparison to the machine I worked on today.  It was infected with a virus called CrypoLocker.  What makes this virus different and frankly scary it’s insidious ability to encrypt files on your computer.  So once the virus has been removed from the computer your files are unusable.  They are encrypted with no way to unencrypt them.2013-10-15 09.36.11

This virus falls under a general category of “Ransomware”.  Meaning, a screen pops up and requires you to put in a credit card number and pay $300 to have your files unencrypted.  It also gives a date and time that your private key will be destroyed after which your files will never be recoverable.

This is the boldest, most outright and destructive fraud I have ever seen.  It is not trying to trick you, pretend it is some virus removal tool, or make you believe the FBI is on to you as other ransomware viruses do.  It is outright saying –you are infected, pay the ransom or lose your files.

And the scariest part is they are telling the truth in terms of losing your files.  I verified it and saw it with my own eyes.  The files were truly encrypted in a manner that can not be recovered.

So now you ask, what can you do?  Here are my strong recommendations:

  1. Make sure you have a backup.  Once you are infected with this virus it is too late to recover the files on your computer.  The best backup is an offsite or cloud backup.  Your backup service must have retention.  Meaning it needs to make a new backup set each time.  If you simply write over the previous backup then if you complete a backup after the infection occurs then all the files in your backup are now encrypted rendering it useless.
  2. Never give one of these sites your credit card!  As scary as this is, if you give them your credit card you have done two even worse things…rewarded and encouraged the criminals to continue and given your credit card to an admitted criminal who will likely pass that information on.  And there is absolutely no guarantee that you will get your files back anyway.
  3. Be sure your virus software is up to date and that your machine is receiving updates from Microsoft Update properly.
  4. Know what you are downloading, know the sites you are visiting are clean, and don’t click on links in emails that are questionable.  These types of viruses can come into your machine through any of theses mechanisms.

The creators of viruses continue to devise new ways to trick us into accepting the virus on our computer.  And that is generally how it happens is through human intervention.  Meaning, you, the person operating the computer is tricked into allowing the virus past any firewalls or security software.  It is a never ending cat and mouse game between the creators of viruses and the virus and security companies with no end in site.

If you are infected with this or any other virus, please call.  If you don’t have a backup I may not be able to recover your files but I can get rid of the virus.

If you don’t have an adequate backup, please call.  Or you can get started with my recommended solution by linking here:  1 Network Services Online Backup

Please call if you have any questions.  I am here to help and want to make sure everyone has all the information you need to keep your data safe.

Brian

1 Network Services

720-287-4647

Posted in Blog.