We recently posted an alert about a particular family of malware going around called Cryptolocker. Strictly speaking it is ransomware, a trojan that has to be let in rather than a self-spreading virus, but the damage is the same and it is still going strong, so we thought we should give you a little more information. It’s good to know (and share), unless you have an extra $100 to $300 of ransom money you’d grudgingly blow on an attempt to get your files back.
This strain of malware encrypts the files on your computer: Word documents, PDFs, spreadsheets, photos and more. Once encrypted, you can’t open or use them. What you get instead is a pop-up ransom note generated by the malware. The message demands a couple of hundred dollars in exchange for your files. Allegedly, paying gets you the key that unlocks them again. In practice there is no guarantee: plenty of victims have paid and ended up out both the ransom and the files, and you are trusting a criminal to hold up their end of the deal.
Are you thinking, “I’d never fall for something like that. I’m impervious to such ridiculous demands. I’m smart enough never to open a spam email, much less click on a suspect link”? Well, think again. Some very tech-savvy, cautious professionals out there have lost every single one of their files to Cryptolocker. Imagine having to explain that to the clients and patients who’ve entrusted you with their private information!
Cryptolocker arrives inconspicuously as an email with a believable subject line, carrying either a link or an attachment (commonly a .zip holding an executable dressed up with a PDF icon). The pretext is that an authoritative agency or bureau is investigating you or one of your coworkers, partners or colleagues. For law firms, it might appear to come from your state’s Bar Association. For doctors, it may be the state medical board or an attorney. For accountants, perhaps it’s the IRS. For others, it might be as ordinary as a delivery notice from a well-known shipping company.
Given the serious consequences of such an investigation or package, the recipient clicks the link, or opens the attachment, that promises more information about the “official inquiry.” And there you have it. You’ve opened the door, and the malware runs with your own permissions and encrypts any data it can reach: the local disks, plugged-in USB drives, and every network share mapped to a drive letter on that PC. Anything you can write to, it can encrypt.
A ransom note pops up, adding insult to injury. Want your files back? Sure. But you can’t leave unmarked bills in an envelope by the side of the bridge, right? No, you’re instructed to cough up $100 to $300 in Bitcoin or a prepaid cash voucher, payment methods that can’t be reversed. Then and only then will you be sent a DEcryption key giving you back your ENcrypted files and data. You’re also given a deadline to pay up, typically about 72 hours, after which the criminals claim to delete the key. Each victim gets a fresh payment address, which makes the money hard for authorities to follow. Many victims never see the key. Or their files again.
Now what happens? Are your business-critical files and private data gone for good?
Cryptolocker is keeping anti-virus companies and law enforcement on their heels. Nobody has a fix yet, and the reason is the way the encryption is built. Each file is scrambled with a fresh symmetric key, and those keys are in turn encrypted with a 2048-bit RSA public key. The matching private key, the only thing that can undo the damage, is generated and held on the criminals’ server and never touches your machine. No amount of poking at the infected PC will turn it up, and brute-forcing a 2048-bit RSA key is not a realistic option. Currently the only way to get infected files back is to restore them from a backup. This crystallizes the need for a sound IT management partner in crisis situations.
So you hope and pray that your files have been backed up in the cloud or on a server somewhere. A backup drive left plugged into the computer does not protect you, because Cryptolocker encrypts ANY data in its path, and a path leads straight to that drive too. The same goes for mapped network shares. One more caveat: a cloud sync folder that simply mirrors what’s on your PC will dutifully upload the encrypted copies over your good ones. What saves you is a backup that keeps versions, or one the workstation can’t write to.
Reminding users to back up their files to the server and network once those files have been kidnapped is only rubbing salt in the wound. But it’s also the best precaution against malware like Cryptolocker. So we’re going to say it anyway: Back up. Back up. Back up your files at least once a day, and more often if you can, to avoid losing your most current data. Keep more than one version, so a bad copy made after an infection can’t overwrite the good one. Some of our small business clients take advantage of our NetServ solution. Their data is backed up three times a day.
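To make the two points above concrete, here is an added example (written for this page, not part of the original post and not a NetServ component) of a backup job that writes each run into its own timestamped snapshot directory, so an encrypted file can never overwrite the good copy from the day before, and that checks each document’s header before copying, since a ransomed PDF or .docx keeps its name but loses the bytes it should start with. The magic-byte table, the 7.5 bits-per-byte entropy threshold, and the `run_demo` sample files are all assumptions chosen for illustration; the demo fabricates a small document tree in a temp directory and overwrites it with random bytes to stand in for ciphertext.

```python
"""Versioned snapshot backup with a pre-copy sanity check for encrypted files.

Added example for this page; not code from the original post or any product.
The magic-byte table, entropy threshold and demo files are assumptions.
"""
import math
import os
import shutil
import tempfile
from datetime import datetime
from pathlib import Path

# Bytes a healthy file of each type starts with. An encrypted copy keeps its
# name and extension but loses this header.
OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MAGIC = {
    ".pdf": (b"%PDF",),
    ".docx": (b"PK\x03\x04",), ".xlsx": (b"PK\x03\x04",), ".pptx": (b"PK\x03\x04",),
    ".doc": (OLE,), ".xls": (OLE,), ".ppt": (OLE,),
    ".jpg": (b"\xff\xd8\xff",), ".png": (b"\x89PNG\r\n\x1a\n",),
}
ENTROPY_LIMIT = 7.5   # bits/byte; ciphertext sits near 8.0, real documents well below
MIN_BYTES = 256       # too little data makes the entropy estimate noisy


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(path: Path) -> bool:
    """True if the header contradicts the extension, or, for types with no
    known header, if the first 4 KiB look like ciphertext."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    magics = MAGIC.get(path.suffix.lower())
    if magics:
        return not any(head.startswith(m) for m in magics)
    return len(head) >= MIN_BYTES and shannon_entropy(head) > ENTROPY_LIMIT


def snapshot(src: Path, backup_root: Path, when=None):
    """Copy `src` into a new timestamped directory under `backup_root`.

    Earlier snapshots are never touched, so today's run cannot clobber
    yesterday's good copy the way a mirror-style sync would. Files that fail
    the header check are still copied (keep the evidence) but are reported so
    the job can alert instead of quietly churning out ciphertext.
    Returns (snapshot_dir, [suspicious relative paths]).
    """
    when = when or datetime.now()
    dest = backup_root / when.strftime("%Y%m%dT%H%M%S")
    dest.mkdir(parents=True, exist_ok=False)   # refuse to reuse a snapshot
    suspicious = []
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = path.relative_to(src)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        if looks_encrypted(path):
            suspicious.append(str(rel))
    return dest, suspicious


def run_demo():
    """Constructed walk-through: one clean snapshot, then one after 'infection'.

    The documents are fabricated here; os.urandom stands in for ciphertext,
    since all that matters for the check is that the real header is gone.
    """
    root = Path(tempfile.mkdtemp())
    src, backups = root / "Documents", root / "backups"
    src.mkdir()
    (src / "invoice.pdf").write_bytes(b"%PDF-1.4\n" + b"% constructed body\n" * 40)
    (src / "report.docx").write_bytes(b"PK\x03\x04" + b"\x00" * 600)
    (src / "notes.txt").write_bytes(b"plain meeting notes\n" * 200)

    good_dir, good_flags = snapshot(src, backups, datetime(2013, 11, 1, 9, 0, 0))
    for p in src.iterdir():                       # same names, same sizes, headers gone
        p.write_bytes(os.urandom(p.stat().st_size))
    _bad_dir, bad_flags = snapshot(src, backups, datetime(2013, 11, 2, 9, 0, 0))

    first_intact = (good_dir / "invoice.pdf").read_bytes().startswith(b"%PDF")
    return {"first_flags": good_flags, "second_flags": sorted(bad_flags),
            "first_snapshot_intact": first_intact}


if __name__ == "__main__":
    print(run_demo())
```

The header check is deliberately simple: it catches the case this page describes, where the file keeps its name and extension but the contents are replaced wholesale, and it will not catch every variant of every ransomware family. The point it demonstrates is structural: because each run lands in its own directory and nothing ever rewrites an old snapshot, the clean copy survives even when the job happily backs up the ransomed tree the next morning, and the `suspicious` list gives you the alert that says stop and investigate.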
Yes, we’ve had clients who’ve fallen prey to this malware. They are very intelligent people, people who usually know better, but were fooled this time. In every case of Cryptolocker thus far, we were able to restore all of their files from backup. And not one of them paid the ransom. For an even more detailed explanation of this harmful malware, here’s a video resource: