We posted a new virus alert recently about a particular family of viruses going around called Cryptolocker. The virus is still going strong, so we thought we should give you a little more information. It’s good to know (and share), unless you have an extra $100 to $300 worth of ransom money to grudgingly blow in an attempt to get your files back.
This strain of malware encrypts the files on your computer. It attacks your Word documents, PDFs, spreadsheets and more. Once encrypted you’re unable to access, much less open or use them. What you do get is a malware-generated pop-up ransom note, so to speak. The message demands payment of a couple hundred dollars in exchange for your files back. Allegedly in exchange, you receive a key code that unlocks your encrypted files again. What really happens is that you’re out your ransom money and your files. More often than not, the decryption key is never sent.
This virus is particularly dangerous as the emails to which they’re attached are credible. Upon opening, recipients unknowingly put business-critical files at risk. To date, most antivirus solutions do not catch the quickly evolving variants of Cryptolocker, and there is only one way to avoid losing access to your files forever if the virus infects your system.
Are you thinking, “I’d never fall for something like that. I’m impervious to such ridiculous demands. I’m smart enough never to open a spam email, much less click on a suspect link”? Well, think again because there are some very tech-savvy, overly cautious professionals out there who’ve lost every single one of their files to Cryptolocker. Imagine having to explain that to your clients and patients who’ve entrusted you with their private information!
Cryptolocker and its subsequent ransom demands arrive inconspicuously as an email with an irresistible and very believable subject line. An authoritative industry agency or bureau is investigating one of your coworkers, partners, colleagues, etc. For law firms, it might appear to be from your state’s bar association. For doctors, it may be the state medical board or an attorney. For accountants, perhaps it’s the IRS. For others, it might be as common as a delivery notice from a well-known shipping company.
Given the serious nature and consequences of such an investigation or package, the email recipient clicks the link that promises to give more information regarding the “official inquiry.” And there you have it. You’ve opened the door, and the virus is unleashed to encrypt any data it can find.
A ransom note pops up, adding insult to injury. Want your files back? Sure. But you can’t leave unmarked bills in an envelope by the side of the bridge, right? No, you’re instructed to cough up $100 to $300 paid through a PayPal or Bitcoin account. Then and only then will you be sent a DEcryption code giving you back your ENcrypted files and data. You’re also given a deadline to pay up – a couple of days max. The same payment account is never used twice, making it tricky for authorities to track. Most victims never see the code. Or their files again.
Now what happens? Are your business-critical files and private data gone for good?
Cryptolocker is keeping antivirus software companies and other authorities on their heels working on a solution. They’ve been unsuccessful as of yet due to the nature of the file encryption method used. Obtaining the decryption key needed to reverse the damage is extremely difficult if not impossible. Currently, there is no way to repair infected files other than restoring them from a backup.
So you hope and pray that your files have been backed up in the cloud or on an external server somewhere. Backing up on a hard drive connected to your computer does not protect you from this malware as Cryptolocker searches out and encrypts ANY data in its path – a path that leads directly to your hard drive too.
Reminding users to back up their files on the server and network once they’ve had their files kidnapped is only rubbing salt in the wound. But it’s also the best precaution to take against malware like Cryptolocker. So we’re going to say it anyway: Back up. Back up. Back up your files at least once a day – more, if possible, to avoid loss of your most current data.