Computer Doctor is working to protect your Windows-based computer system from a damaging new virus outbreak. First identified in September, CryptoLocker is a type of ransomware which, once embedded in your system, rapidly encrypts data files. Your pictures, documents, emails, spreadsheets and other critical files are effectively scrambled, permanently, unless the ransom is paid. Reports have quoted ransoms from $100-$700 payable through Western Union Moneypack, a favorite of malware scammers. Newer variants are now demanding payment in Bitcoin, whose value fluctuates wildly. While the virus itself can be removed, the encrypted files cannot be restored. Depending on the variant, shadow copies stored within the infected drive can be rendered useless, and system restore and file versioning are also failing. The virus can also spread to other systems on the same network, mapped drives, NAS and USB drives.
The best defense against CryptoLocker is a full backup of your system or, minimally, your crucial data files. This backup needs to be kept disconnected from the live system to prevent contamination should your system become infected. Backing up is best practice and should be your first line of defense. The big issue with anti-virus programs is that they may pick up the virus too late. Once the virus has encrypted your files, a splash screen launches and gives a link to facilitate payment. If the anti-virus program then detects and removes the virus, you can lose the link to complete the payment. A new “service” has been launched that in certain situations can reconnect you to the malware server and give you the ability to decrypt your files. Presently this service is provided for $2000 or a similar Bitcoin amount.
New methods of protection are being developed to try to prevent the virus from launching. One method detects that the encryption process is starting, kills the process and notifies you of what has happened. The other relies on group policy modifications that block unknown processes from launching in vulnerable portions of the Windows file system. Utilizing a whitelist to enable known good programs such as the Java updater and Spotify, among others, these programs prevent CryptoLocker and many other malware programs from ever launching.
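As an added illustration (not Computer Doctor's software or its rule set), the following Python sketch models how the group policy and whitelist approach reaches a decision for each program launch. The blocked locations, the user profile, the Spotify install path and the sample launches are all assumptions constructed for the example, since the article names no specific paths.

```python
import re

# Assumed rule set; the article names no paths. "*" stays inside one path
# component in this model, so each directory depth needs its own rule.
BLOCK_RULES = [
    r"%APPDATA%\*.exe",
    r"%APPDATA%\*\*.exe",
    r"%LOCALAPPDATA%\Temp\*.exe",
    r"%LOCALAPPDATA%\Temp\*\*.exe",
]
# Whitelist of known good programs; checked before the block rules.
ALLOW_RULES = [r"%APPDATA%\Spotify\Spotify.exe"]

# Constructed user profile used to expand the variables.
ENV = {
    "%APPDATA%": r"C:\Users\alice\AppData\Roaming",
    "%LOCALAPPDATA%": r"C:\Users\alice\AppData\Local",
}

def to_regex(rule):
    """Compile a path rule: expand variables, translate * and ?."""
    for var, value in ENV.items():
        rule = rule.replace(var, value)
    wild = {"*": r"[^\\]*", "?": r"[^\\]"}
    parts = re.split(r"([*?])", rule)
    body = "".join(wild.get(p) or re.escape(p) for p in parts)
    return re.compile(body + r"\Z", re.IGNORECASE)  # Windows paths ignore case

def first_match(path, rules):
    return next((r for r in rules if to_regex(r).match(path)), None)

def decide(path):
    """Return (verdict, matching_rule) for a process image path."""
    rule = first_match(path, ALLOW_RULES)
    if rule:
        return ("allow", rule)
    rule = first_match(path, BLOCK_RULES)
    if rule:
        return ("block", rule)
    return ("allow", None)  # outside the restricted locations

# Constructed launch attempts, not real telemetry.
SAMPLE_LAUNCHES = [
    r"C:\Users\alice\AppData\Roaming\Spotify\Spotify.exe",
    r"C:\Users\alice\AppData\Roaming\kd83hs.exe",
    r"C:\Users\alice\AppData\Local\Temp\7zS1A\setup.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
]
```

Without its whitelist entry, Spotify would be stopped by the same rule that stops an unknown program in the same location, which is why the whitelisting step has to cover every known good program installed there.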
Computer Doctor will be offering a solution based on the group policy and whitelist approach over the coming days. This program can be installed and configured by our team remotely. The process involves scanning your system for infections prior to installation, whitelisting known good programs currently installed, and then configuring the software for your particular computer and software packages.