
URGENT: Security alert – CryptoLocker virus continues to spread


Extremely Dangerous CryptoLocker Virus Continues To Spread

We continue to get reports that the CryptoLocker virus is becoming more and more active. This is an incredibly destructive virus that encrypts all of the data on your system, and then demands a ransom to give you your files back. Recovery without paying the ransom is for all practical purposes impossible. Please make sure you are backing up your data, and that you routinely test those backups!

The most recent infections include:

  • Kansas police department - all data lost, no computer systems for a week.
  • Small business in Florida - all data lost - no backups. The company will probably go out of business.
  • Large accounting firm - all data lost. Their IT administrator failed to routinely test restores on their backups and discovered he had forgotten the password to the encryption on the backup system, making all of their files unreadable. Twenty years of client files are gone.

Prevention is the key
CryptoLocker currently spreads via three known methods:

  • Fake email that looks like it comes from a customer support representative from UPS, FedEx, DHS, Amazon, BBB, etc. The emails contain an attachment or possibly a link to a hacked website.
  • Hacked websites that attempt to exploit vulnerabilities on your computer to install the infection.
  • Through Trojans that pretend to be programs allowing you to view online videos (typically, but not always, pornographic websites). Sometimes it will look like a simple PDF attachment or even a picture.

What CryptoLocker Does
Once your computer is infected, the virus scans your computer and ANY NETWORK SHARED DRIVES IT FINDS for common business type files (Word, Excel, PDF, etc.) and encrypts them.

This renders them impossible to open unless you “purchase” a decryption key from the hijackers. The “fee” can be thousands of dollars.

This specific form of malware/ransomware is much worse than others because even after it is removed from the computer, the files that were encrypted cannot be unlocked. There have been some reports that paying the “fee” (ransom) has resulted in the files being decrypted; however, there is no guarantee.

Also, paying the “fee” (ransom), depending on how that is done, could lead to identity theft.

Preventing CryptoLocker virus infection

This nasty virus is spread by opening email attachments or through other “social engineering” means.

Spam and virus filtering services, ours and others, are aware of the threat and actively block emails that contain elements of this and other malware.

If you believe you have received an email that contains malware, do not click on any attachments or links.

The best thing you can do right now to avoid getting a CryptoLocker virus infection is to make sure you, as well as your staff, are aware of the threat and extremely careful with opening email attachments.

Please follow these basic preventive measures:

  • Do not click on attachments in emails from someone you don’t know or from companies whose information you haven’t expressed interest in receiving.
  • Do not click on links, advertisements or pictures that pop up on your screen when visiting other websites.
  • Do not respond to unsolicited emails.
  • Do not engage in social media games or click on links that appear on social media platforms.
  • Do not disable security settings such as antivirus, firewall, filtering, and site monitoring programs.
  • DO have a proper backup solution already set up. This is critical to recovery should you fall prey to this. PLEASE NOTE! Some simple or improperly set up backup solutions such as flash drives, USB hard drives, etc. may be vulnerable to the virus as well.

PLEASE CALL US IF YOU HAVE ANY CONCERNS ABOUT YOUR CURRENT BACKUP AND DISASTER RECOVERY SOLUTION.

If you have any questions, please feel free to call us: 309-829-2000 x3