CryptoLocker – The Worst PC Virus in 10 Years
If you haven’t heard of CryptoLocker yet, you surely will and I encourage to keep reading to lessen your chances of becoming the next victim of what has become known as the worst computer virus in a decade.
So what is CryptoLocker?
CryptoLocker is a ransomware virus, a form of malware, affecting computers operating on Windows systems. CrytoLocker essentially hi-jacks your data or computer and holds it hostage unless you pay the ransom that is requested by those who have done the hacking. CryptoLocker has gained notoriety as it has been able to set itself apart from other common, similar forms of malware as it is capable of keeping its promise to make your data and files completely inaccessible to you unless they have received your ransom. Using asymmetric key cryptography, CryptoLocker encrypts all the files on your computer that ended in popularly used extensions including, but not limited to, documents, PDF files and images. Once your files have been encrypted, a pop-up will open letting you know that you have a specific amount of time (typically ranging between 72 and 100 hours) to transfer money to the hackers. If you do not comply, they will destroy the private key that is needed to decrypt your files. Many reports regarding this virus state that paying the ransom will, in fact, decrypt your files. Some who have been infected with this ransomware have been able to successfully recover all of their data, but this is not guaranteed and keeping yourself from being exposed to this virus is the best option. If infected by CryptoLocker and you are either unable or unwilling to pay the ransom, consider your computer as good as gone.
How do you get infected?
There are a few different ways that this virus is currently being spread:
1. Email – CryptoLocker will disguise what appears to be a legitimate email from companies you trust, like UPS and FedEx. Be sure not to click on any links or attachments within any emails that you receive that you weren’t expecting or don’t recognize.
2. Botnet Software – You can be attacked via botnet software that already exists on an infected machine. Thousands of computers are infected with this type of software, allowing computer hackers to remotely control them. You may not know that your computer has been infected because it may not show any signs of being infected or compromised, but this does not mean your computer is safe from having additional malware software, like CryptoLocker, downloaded.
3. Drive-By – A drive-by download is an unauthorized download that takes advantage of vulnerabilities in outdated web browsers. In doing so, the drive-by download installs code from an infected web page directly to your computer and does not allow you the option of saying “no” to the download or even letting you know that a download is occurring.
4. Phone – The latest technique used by hackers to infect computers with the CryptoLocker virus starts with a phone call. You answer the phone and someone on the other line tells you that they are with the Microsoft Support Team and that your license has expired. They will then offer to update your license for you on the spot, as you provide them access to your computer, and they will ask you to pay first online at a website they provide. Along with your credit card information, the site will ask for other personally identifiable information as well. And once you’ve submitted that information to them, they will use it to try to steal and sell your identity.
My Computer is Infected…Now What?
- You should consider paying the ransom if you do not have a backup and if the data is worth it to you. Just ensure that you do not give out any credit card information or personal information.
- Remove the virus from your computer. Typically, most antivirus software will have no problem finding and removing the virus. Ensure you do this before backing up your computer’s data, otherwise any of the data or files that you recover will be at risk for encryption.
- It’s hard to determine whether your computer was compromised in any other way once it was infected with CryptoLocker. Therefore, ensure your format your hard drive. Since the infected files are now useless, wipe everything off your hard drive and start over.
- If you have a backup, restore it if possible. Some who have been infected with this virus were able to recover using a system restore from files that Windows creates.
- Don’t rely on network drives or any other connected media. It has been reported that the CryptoLocker virus has the ability to jump to networked drives from your network.
How Do I Ensure My Computer is Protected?
- Use anti-virus or anti-malware software. Do not remove or disable the software and ensure you keep it up-to-date. The anti-virus solution you use needs to have a mode for proactive malware prevention.
- Keep your anti-virus software up-to-date. Also ensure you perform updates to Windows, all web browsers that you use and any other software that communicates across a network.
- Trust your instincts. Don’t open any suspicious emails or attachments and avoid visiting any websites that seem suspicious as well.
- Perform file backups. It is important that you have at least one, if not two, data backup solutions. One solution should be cloud-based that will back up your files and data on a daily basis and allows you to access the information from anywhere. The second recommended solution is an external hard drive that is not permanently connected to your network. You would use this to backup your data and files at least once a month.
Worried Your Computer or Network May Be Vulnerable?
Contact us and we will be happy to perform an assessment of your computer or network security.