Cryptolocker Ransomware Virus

Crypto locker

Computer Doctor warns of  Cryptolocker Virus

This changes everything in my book. At Computer Doctor we deal with all types of Virus infections everyday, this one demands proactive measures or many will lose their documents and pictures permanently. Scared? You should be, and here is why. Ransomware takes control of your computer, denies you access and demands payment to resolve the issue. Two examples are the Rogue antivirus programs which masquerade themselves as an Antivirus program and demand payment to remove the infection, of course the program itself is the infection and when you pay your credit card information can be hijacked and the infection stays. The other example is the FBI or Moneypack Virus. This also locks your computer and states that you have violated a number of federal regulations and demands payment to unlock your computer. These can be very real looking and I have dealt with a number of people who have “freaked out” when they saw this. We see these infections every week and have a number of strategies to restore your computer and keep your data intact.

The Cryptolocker is a horse of a different color. The infection encrypts your files so you can no longer access them. These file types include but are not limited to:
3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx 

The only way as of now to unlock the files is to pay. There is no way at this point to get around the encryption, it is a powerful tool  and when used against you there is no way unlock your files. Game over, do not pass go, do not collect $200. Yikes!

So how do you deal with it when it happens, at this point there are no simple solutions. If the files are encrypted it is too late, the virus will start a timer giving you X amount of time to complete the payment and get the key, If you do a system restore you will lose the chance to retrieve the encryption code and your files are locked forever. In some cases there are some decryption tools that may or may not help.

Frankly this is sickening, I hope this does not get as rampant as other infections because the potential is there for catastrophic damage to business systems and the personal memories we hold dear being placed in jeopardy.

Here is a segment  done by our friends @ TWIT that spells it out :

Email is still huge entrance for many viral infections, recently particular client of ours recently opened the email, and clicked the download attachment link because the client was actually expecting files to be sent via email to him. It’s an especially dangerous situation in a business atmosphere, where the majority of the work is being completed on computers.

One client who became infected stated an email arrived claiming a file being was enclosed via Xerox file transfer, which most likely does not exist, or is not widely available to the public.  This is the first sign of trouble, never click a link in an email that is vague, or is delivered via an “outside” third party with no personal name attached to it. Be wary of emails containing claiming to contain tracking information, reports have stated that UPS,FEDEX and DHL were named in bogus email containing cryptolocker in the message.  If this occurs in your email, delete it immediately. Don’t be duped by bogus emails, be careful of all emails, even ones from people you know. File attachments are still the number one source of email based virus infections, read and think twice before you open any email attachment. We have also heard of emails that contain pdf files and are described as customer service messages or reports. Clearly this is targeting the business sector who has deeper pockets and a greater potential of revenue loss from data loss. This is one of many ways the virus is finding it’s way into your system.

The only way to protect your data is via a cold back up. An external drive needs to be connected and all files that need to be safe should be copied onto the drive and then the drive disconnected from the machine. Unless this is done there is no way to be 100% sure that your data is safe. Online back up programs can copy and replace your known good files with the encrypted ones, you won’t know the damage is done until you try to open them and how often do you open older documents and pictures, the encryption process is hidden until complete and then the ransom appears. These infections can run rampant through a network and encrypt files on your server and jump to other workstations. A nightmare!

There are variants to every virus, some of these can be hoax’s and not encrypt anything, some will work as planned and by paying you will be sent a key. The worst situation is your files will be encrypted and you pay and don’t receive the key.

Here is our current recommendation:

  • Purchase an external hard drive and back up all your files ASAP, if you need help contact us and we can take care of this for you.
  • Make sure your operating system is up to date and all web players and software packages are updated, java,adobe flash, etc.
  • Make sure your antivirus program is updated and actively scanning your system.
  • Make sure you have a firewall installed.
  • Think before you click a web link or open an email.
  • For business users, how are you protecting your data and do your employees have the access to infect your network by accident.

If you see the cryptolocker icon appear on your desktop, do not ignore it! Disconnect the computer from your network first and then call a professional for help and guidance. We will update the blog with more information as it becomes available. Please call or email with questions. Back up now, this is not to be ignored!