Cryptolocker: the most dangerous virus ever created (not a hoax)


Although we haven’t had a client yet with this virus, it’s the scariest and most damaging virus I’ve encountered in my entire professional career, and I’ve been there since the beginning: http://www.f-secure.com/v-descs/winvir.shtml

This article explains how it works, and there is a more detailed explanation here, but basically you get the virus by opening an e-mail attachment or visiting a compromised website. Running in the background, it encrypts not just the files you create on your hard drive, such as documents, photos and music, but also seeks out any other storage it can see: external hard drives, flash drives, mapped network shares, basically anything with a drive letter. The encryption happens quietly, and by the time the ransom screen appears the files are already locked; the key needed to unlock them is held only by the criminals.

In theory the virus itself runs only on Windows, but in environments where data is shared between Macs and PCs, including Windows running under Parallels, VMware or Boot Camp, any Mac files the Windows side can reach (shared folders, mounted volumes) are at risk.

As of this writing, most major antivirus vendors detect it, but antivirus is always a game of cat and mouse: the criminals modify the virus, the new variant hits, and then the vendors add protection for that variation. Nothing is foolproof, and viruses like this one that extort money fund the next round of attacks. Every story I read about an “ironclad” protection strategy has technicians responding that it didn’t work.

Typically, by paying the ransom ($300 and up) you get your files back, as this police department did at taxpayer expense, but since you are after all dealing with criminals there is no way to know whether they will follow through, and if they don’t, you can’t get your money back. I don’t recommend paying.

Some suggestions to help protect against this virus and limit the damage if it hits

1) Keep up to date with Microsoft security updates. Make sure automatic updates are turned on and actually installing.

2) Have a quality, reliable antivirus that is up to date. Approximately 25% of the clients we see don’t have this.

3) Be wary of attachments and links to websites. This INCLUDES ones from people you think you know: scammers hijack accounts or forge the sender address to make a message look legitimate. Best not to open any of these unless you are expecting them. In particular avoid attachments ending in .zip or .exe, and watch for double extensions such as “invoice.pdf.exe”: Windows hides known extensions by default, so that file shows up as “invoice.pdf” with a document icon. I see these in such messages claiming to be from UPS, IRS, DHL, WhatsApp, Apple and others. Don’t follow links or open attachments unless you are 100% sure they are legitimate. When in doubt, check with the sender through a channel you already trust (a phone call, or an e-mail you start yourself rather than a reply), and if it claims to be from a business, contact the business directly.

4) Use an online backup service that keeps old versions of your files. Backups are obviously important, and when Cryptolocker hits, unless you want to risk paying the ransom the only course of action is to restore from backup. The problem is that if you use an external hard drive for backup and leave it plugged in, Cryptolocker sees it as just another drive and encrypts those files too (an external drive only helps if it is unplugged between backups). Online backup services are out of the virus’s reach, but with one caveat: the backup software will happily upload the encrypted copies over the good ones, so the service must keep previous versions long enough for you to restore from before the infection. Check how long that retention is. Our recommendation for most clients is Backblaze at $50 a year.
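The attachment checks from item 3, as an added example (this is not code from the original post). It flags executable extensions, .zip archives, the double-extension trick (“invoice.pdf.exe”, which Windows shows as “invoice.pdf” when known extensions are hidden), and executables packed inside a zip. The extension lists and the sample attachment names are assumptions constructed for the demo.

```python
"""Triage e-mail attachment names for CryptoLocker-style droppers.

Added example, not code from the original post. The extension lists and the
sample attachments below are assumptions constructed for the demo.
"""
import io
import zipfile

# Extensions Windows runs as code when double-clicked (assumed list, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "msi", "jar"}
# Document/image extensions typically used as the decoy half of a double extension.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "jpeg", "png", "txt"}


def classify_name(filename):
    """Reasons a bare filename looks risky; an empty list means nothing noticed."""
    reasons = []
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    if len(parts) < 2:
        return reasons                      # no extension at all
    ext = parts[-1]
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension ." + ext)
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            # What the user sees with "Hide extensions for known file types" on.
            shown = ".".join(parts[:-1])
            reasons.append("double extension: appears as '%s' with extensions hidden" % shown)
    elif ext == "zip":
        reasons.append("zip archive: inspect contents before opening")
    return reasons


def classify_attachment(filename, data=b""):
    """Classify by name and, for a zip, by the names of the files inside it."""
    reasons = classify_name(filename)
    if filename.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    for r in classify_name(member):
                        reasons.append("inside zip, %s: %s" % (member, r))
        except zipfile.BadZipFile:
            reasons.append("named .zip but not a valid archive")
    return reasons


def verdict(filename, data=b""):
    """Return ('BLOCK' | 'REVIEW' | 'OK', reasons)."""
    reasons = classify_attachment(filename, data)
    if any("executable" in r for r in reasons):
        return "BLOCK", reasons
    if reasons:
        return "REVIEW", reasons
    return "OK", reasons


def build_sample_zip(members):
    """Constructed fixture: an in-memory zip holding {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples modelled on the fake UPS/DHL/IRS mails the post mentions.
    samples = [
        ("UPS_Invoice_8831.pdf.exe", b"MZ\x90\x00"),
        ("DHL_Label.zip", build_sample_zip({"DHL_Label.pdf.scr": b"MZ\x90\x00"})),
        ("Q3_report.docx", b"PK\x03\x04"),
        ("photos.zip", build_sample_zip({"IMG_0042.jpg": b"\xff\xd8\xff"})),
    ]
    for name, data in samples:
        v, why = verdict(name, data)
        print("%-7s %s" % (v, name))
        for r in why:
            print("        - " + r)
```

The name check is deliberately applied to each member of a zip as well, because the common delivery was a small .zip whose single member carried a PDF icon and a .pdf.exe or .pdf.scr name; a plain zip with no executable inside gets “REVIEW” rather than a pass, matching the post’s advice to treat archives with suspicion.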
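Why item 4 insists on a backup that keeps old versions, as an added example (not code from the original post or from Backblaze). It is a miniature of the snapshot design versioned backup tools use, a manifest of path to content hash per snapshot with each distinct content stored once, shown beside a mirror-style sync. The “ransomware” here simply overwrites files with random bytes as a stand-in for encryption; the sample documents and the temporary-directory layout are assumptions made for the demo.

```python
"""Mirror backup vs. versioned backup when files get encrypted in place.

Added example, not the post's or Backblaze's code. The sample documents and
the directory layout are assumptions constructed for the demo.
"""
import hashlib
import os
import shutil
import tempfile


def read_tree(root):
    """{relative path: bytes} for every file under root (forward-slash paths)."""
    tree = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as f:
                tree[rel] = f.read()
    return tree


def write_tree(root, tree):
    """Create the files described by {relative path: bytes} under root."""
    for rel, data in tree.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)


class VersionedStore:
    """Content-addressed store: old snapshots survive later backups of bad data."""

    def __init__(self):
        self.blobs = {}       # sha256 hex -> file content
        self.snapshots = []   # each: {relative path: sha256 hex}

    def snapshot(self, root):
        manifest = {}
        for rel, data in read_tree(root).items():
            digest = hashlib.sha256(data).hexdigest()
            self.blobs.setdefault(digest, data)   # dedup; never overwrites a blob
            manifest[rel] = digest
        self.snapshots.append(manifest)
        return len(self.snapshots) - 1            # snapshot id to restore later

    def restore(self, snapshot_id, dest):
        manifest = self.snapshots[snapshot_id]
        write_tree(dest, {rel: self.blobs[d] for rel, d in manifest.items()})


def mirror(src, dest):
    """Mirror sync: dest becomes a copy of src, old versions are gone."""
    if os.path.exists(dest):
        shutil.rmtree(dest)
    shutil.copytree(src, dest)


def simulate_ransomware(root):
    """Overwrite every file in place, the way encryption replaces the originals."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            with open(os.path.join(dirpath, name), "wb") as f:
                f.write(os.urandom(64))


def run_scenario():
    """Return (mirror_still_good, versioned_restore_good)."""
    originals = {"taxes/2013_return.xlsx": b"income 2013 ...",
                 "photos/kid.jpg": b"\xff\xd8\xff fake jpeg"}
    with tempfile.TemporaryDirectory() as tmp:
        docs = os.path.join(tmp, "Documents")
        write_tree(docs, originals)
        mirror_dir = os.path.join(tmp, "mirror_backup")
        store = VersionedStore()

        mirror(docs, mirror_dir)                 # Monday night backup, both kinds
        good = store.snapshot(docs)

        simulate_ransomware(docs)                # Tuesday: infection

        mirror(docs, mirror_dir)                 # Tuesday night backup runs as usual
        store.snapshot(docs)                     # and uploads the encrypted copies

        restored = os.path.join(tmp, "restored")
        store.restore(good, restored)
        return read_tree(mirror_dir) == originals, read_tree(restored) == originals


if __name__ == "__main__":
    mirror_ok, versioned_ok = run_scenario()
    print("mirror backup still has the originals:   %s" % mirror_ok)
    print("versioned backup can restore originals:  %s" % versioned_ok)
```

The point the scenario makes is that both backups ran on schedule after the infection and neither “got infected”; the mirror lost the data anyway because it only ever holds the latest copy, while the versioned store could go back to the Monday snapshot. The same reasoning applies to a real service: what matters is how many days of old versions it retains.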

Copyright © DoctorDave Computer Repair in Lawrence Kansas