Beware the Cryptolocker Computer Virus


Recently I received calls about a virus that was downloaded by office staff members at two businesses.

Unfortunately for them, they had already attempted to resolve the issue, which sealed their fate: not only were the files locked, but there was no longer any chance to pay the ransom. Let me explain.

Cryptolocker is the latest virus to hit the headlines. This type of virus, known as ransomware, charges the infected victim a premium for access to their own material.

Over the last few years we have seen many of these viruses infecting computers, primarily Windows PCs, through trickery: a carefully worded email imitating FedEx, UPS or USPS, with other recent variants imitating various other service providers. Something like this: “We attempted to deliver your parcel today but you were not home. Please click on the link below to confirm.” Sure enough, the link will connect you to the bad guys and you are affectionately “owned”. At this point, without any further warning, they start to encrypt (lock up) your files. You can still see them and your computer will still run, but when you try to open a file you are told that this type of file cannot be opened properly.

This virus places a three-day time limit on paying the ransom, after which you lose any chance to access your files. Currently the ransom is $300, but some have reported different values.

In the two cases I have seen, the following has occurred:

Case 1: the virus had infected all Word, Excel and PDF files on the internal hard drive and also on the connected backup drive. This person had a lot of the material on his secretary's computer, so he did not opt to pay the ransom.

Inevitably, we replaced the hard drive, reinstalled all software and restored any data recovered from another computer. The ransom would have been cheaper, but there is no guarantee that the files will be released.

Case 2: as in the previous case, it had infected the same types of files, but the extent of the corruption was limited because I was able to get access to the computer soon after infection. Rapid response is the key to minimizing loss.
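As an added example (not part of the original article), the Python sketch below gauges how far the damage has spread by checking whether Word, Excel and PDF files still begin with their normal file signatures. It assumes an encrypted file no longer starts with that signature; the sample files and the names `header_ok`, `triage` and `build_sample_tree` are constructed for illustration.

```python
import os
import tempfile

# Leading bytes ("magic numbers") that intact files of each type start with.
ZIP = b"PK\x03\x04"                          # .docx / .xlsx are ZIP containers
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc / .xls
SIGNATURES = {".pdf": b"%PDF-", ".docx": ZIP, ".xlsx": ZIP,
              ".doc": OLE2, ".xls": OLE2}

def header_ok(path):
    """True if the header matches, False if not, None if the type is not checked."""
    expected = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if expected is None:
        return None
    try:
        with open(path, "rb") as fh:      # read-only: nothing is modified
            head = fh.read(8)
    except OSError:
        return False                      # unreadable files count as suspect
    return head.startswith(expected)

def triage(root):
    """Walk root and return (intact, suspect) lists of document paths."""
    intact, suspect = [], []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            result = header_ok(path)
            if result is not None:
                (intact if result else suspect).append(path)
    return intact, suspect

def build_sample_tree():
    """Constructed sample data: two intact files, one scrambled, one ignored."""
    root = tempfile.mkdtemp(prefix="triage_demo_")
    samples = {
        "invoice.pdf": b"%PDF-1.4\n% constructed sample\n",
        "letter.docx": ZIP + b"constructed sample",
        "budget.xls": bytes(range(200, 232)),   # header is no longer OLE2
        "notes.txt": b"not a checked type",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    intact, suspect = triage(build_sample_tree())
    print(f"{len(intact)} intact, {len(suspect)} suspect:", suspect)
```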

Recent numbers suggest that 75% of victims who paid the ransom did indeed have their files unlocked, of whom some have reported reinfection. Speculation by the IT community at large is that perhaps the 25% of people who did not have their files unlocked failed one of the steps, let the 3-day timer run out, or had antivirus software that commenced eradication after the fact, which left them high and dry.

Prevention is better than cure.

As an advocate for antivirus software, I encourage users to have the latest updates and to make sure their system is being scanned on a regular basis. Although you may have the best protection available, some of these viruses and malware get around any protection, so the end user needs to be careful regardless. Patch your system: apply all updates from Microsoft or Apple, and also have the latest Java and Adobe updates, as viruses have found their way in through these.

Always have a backup. A backup means having more than one copy of your important data files. Get an external hard drive or subscribe to Carbonite (a leading online backup company). If you do get infected, unplug your backup drive ASAP and contact support for Carbonite, as this virus will infect all those files as well.

One company, found at www.FoolishIT.com, has created a patch to block Cryptolocker where it is being deployed, but in the end, if the PC user allows the program to bypass the patch, it will infect you regardless.

If you think you have the virus, disconnect the computer from the Internet, contact your antivirus supplier or seek the help of a reputable professional.

Jason Zammit, Calabasas Computers, 310-570-8256