A new kind of Ransomware: You will want to know about this one

The concept of Ransomware is that a virus takes control of something on your computer and demands a payment to give control back. It is not that new a concept, but there is a new version of this out now called Cryptolocker which is *really* nasty.

The current version of Cryptolocker infects a machine through a malicious email attachment or website link. Once the machine is infected, the user will not notice anything different at first. Behind the scenes the Cryptolocker malware is encrypting files, and it will attempt to encrypt data files on every data drive that it can find on the system. This includes network drives, mapped drives, external drives and, to some extent, even cloud based drives. I will explain.

Now many will think that online backups or cloud based drives would be safe because they are not physical drives attached to the computer. That would be true except for the automatic synchronization factor that many of these Cloud Based Services use. When Cryptolocker encrypts a file on the main drive and there is an online backup or syncing cloud drive monitoring that file store, it is possible that the online store will see that encryption as a change in the file and will then resync, which would replace the previously good copy on the online storage with the encrypted copy. If your online backup service or cloud drive service has versioning, please turn it on immediately; it may save you.

Back to the infection. Once Cryptolocker has completed encrypting all the data files (not the program files, so Windows still runs), it will then throw up a message on the screen saying that your files are encrypted and that for $300.00-$400.00 you can buy a decryption key that will allow you to decrypt them. Of course we are dealing with criminals here and there is no guarantee that paying will actually restore your files, and even if it does, you would be paying criminals. There is also only a limited time to pay, maybe 72 hours, and a countdown timer is presented. The key needed to decrypt your files is not on your machine but on a web server somewhere on the Internet, so while removing the Cryptolocker malware is pretty easy, there is actually NO WAY to decrypt the files without obtaining the right key. So cleaning the virus off does not help in this case, and actually harms if you decide later that you do want to pay and hopefully get that key.

The only 100% defense against this is to have a complete backup of all of your data, EMail, Contact and Program Installation and license key files; and this backup needs to be NOT ATTACHED to the computer (or else Cryptolocker may be able to kill it as well). The easiest way to do this is to use an external drive and then unplug it from the computer when finished, but then you have to remember to plug it back in to do another backup, and it would be really difficult to run automatic backups in this setup. If you have cloud backup, then turn on versioning so that previous versions of important files are kept for a time.
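To make the sync and versioning points above concrete, here is an added example (not code from the original post, and not the behaviour of any particular cloud service): an in-memory model of a sync target that only overwrites, next to one that keeps the last few versions of each file. The class and function names, the retention count of three versions, the sample files and the XOR "scramble" step standing in for the malware's encryption are all assumptions made for the demonstration so that it runs offline.

```python
"""Sync with and without versioning, and why the restore has to happen in time.

Added example. The "cloud" is an in-memory dict and scramble() is a constructed
stand-in for a file being overwritten with ciphertext; no real files or service
are involved.
"""
from dataclasses import dataclass, field
from typing import Optional


def scramble(data: bytes, key: bytes) -> bytes:
    """Constructed stand-in for the malware replacing a file's bytes with ciphertext."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


@dataclass
class OverwritingCloud:
    """Sync target that keeps only the newest copy of each file (no versioning)."""
    files: dict = field(default_factory=dict)

    def sync(self, local: dict) -> None:
        # The client sees a changed file and uploads it, replacing the old copy.
        for path, data in local.items():
            if self.files.get(path) != data:
                self.files[path] = data

    def restore(self, path: str) -> bytes:
        return self.files[path]


@dataclass
class VersionedCloud:
    """Sync target that appends a version per change and keeps only the last N."""
    max_versions: int = 3                          # assumed retention setting
    versions: dict = field(default_factory=dict)   # path -> [oldest, ..., newest]

    def sync(self, local: dict) -> None:
        for path, data in local.items():
            history = self.versions.setdefault(path, [])
            if not history or history[-1] != data:
                history.append(data)
                del history[:-self.max_versions]   # retention: drop the oldest copies

    def restore(self, path: str, versions_back: int = 0) -> bytes:
        """versions_back=0 is the newest copy, 1 the one before it, and so on."""
        return self.versions[path][-1 - versions_back]


def run_incident(cloud, local: dict, key: bytes) -> dict:
    """Good files sync; the malware encrypts them; the client syncs the 'change'."""
    cloud.sync(local)
    encrypted = {p: scramble(d, key) for p, d in local.items()}
    cloud.sync(encrypted)
    return encrypted


def recover_without_versioning(local: dict, key: bytes) -> dict:
    cloud = OverwritingCloud()
    run_incident(cloud, local, key)
    return {p: cloud.restore(p) for p in local}        # only the ciphertext is left


def recover_with_versioning(local: dict, key: bytes) -> dict:
    cloud = VersionedCloud()
    run_incident(cloud, local, key)
    return {p: cloud.restore(p, versions_back=1) for p in local}   # the copy before encryption


def recover_too_late(local: dict, key: bytes, extra_syncs: int) -> Optional[dict]:
    """Try to restore after extra_syncs further changes; None if the good copy aged out."""
    cloud = VersionedCloud()
    encrypted = run_incident(cloud, local, key)
    for i in range(extra_syncs):
        # Each further sync pushes another (still unusable) version into the history.
        cloud.sync({p: scramble(d, bytes([i + 1])) for p, d in encrypted.items()})
    try:
        return {p: cloud.restore(p, versions_back=1 + extra_syncs) for p in local}
    except IndexError:
        return None


# Constructed sample data files and key; not from any real system.
SAMPLE_FILES = {
    "Documents/budget.xlsx": b"income,expense\n4200,3100\n",
    "Pictures/holiday.jpg": b"\xff\xd8\xff\xe0JFIF fake image bytes",
}
SAMPLE_KEY = b"\x5a\xa5\x3c\xc3"

if __name__ == "__main__":
    print("overwriting sync restores good data:", recover_without_versioning(SAMPLE_FILES, SAMPLE_KEY) == SAMPLE_FILES)
    print("versioned sync restores good data:  ", recover_with_versioning(SAMPLE_FILES, SAMPLE_KEY) == SAMPLE_FILES)
    print("versioned sync, two syncs too late: ", recover_too_late(SAMPLE_FILES, SAMPLE_KEY, 2))
```

The point of `recover_too_late` is the "kept for a time" caveat: with a retention of three versions, one more sync after the encrypted upload still leaves the good copy reachable, but two more push it out of the history. Versioning only helps if the restore happens before the retention window closes, so the other half of the advice, a backup that is not attached to the computer at all, still matters.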

I know this is not the easiest solution, but many users when hit with this thing have to weigh the value of all of their data files against $300 or $400, and the data files usually win and people pay. Welcome to the Internet, where someone can extort hundreds of dollars from someone they have never even met and who lives thousands and thousands of miles away from the perp in another country.

If you do not have a current backup of your data files, your emails and contacts, your favorites and your program installations and license keys, NOW would be a really good time to do that. While this initial version of Cryptolocker does not infect via security holes in Java or other popular software, it is only a matter of time before a variant comes out that can infect that way, and when that happens WATCH OUT! Because most folks do not really understand how to plug the security holes in their computer.

Want us to check it for you on a proactive basis? Then we recommend Awesome Care. Once we have done our thorough check on your machine, we can share with you your risk of getting infected by this or something like it in the future. Either way, please make sure to back up your files!

Joseph