It seems to be the week of warnings.
Normally I try to balance the scary blog posts about viruses and scams with something more uplifting, or a lighter topic. Unfortunately, this week I can’t do that, due to the nature of this piece of malware I’m writing about today.
It’s called CryptoLocker, and it is without a doubt one of the nastiest pieces of malware we have ever seen. When it infects your system, it will encrypt all of the data on your hard drive, making it impossible for you to access. It then pops up a message letting you know that if you don’t pay 300 dollars in bitcoin or MoneyPak vouchers (which is untraceable money), the unique key you need to break the encryption will be deleted and you will never get your data back. Oh, and in the meantime, a countdown will pop up on your screen indicating how much time you have left to pay before your data is lost forever.
Sound like the evil genius plot of some James Bond supervillain? Yeah, it kind of is.
One of the most dangerous things about CryptoLocker is that it is very difficult to detect. It will come to you as an attachment to an email, and even though it is an executable file (.exe), it may be disguised to look like something else, such as a PDF. We have even seen it come in looking like a voicemail (when you have VoIP you can set it up so your voicemails are delivered to your inbox). This is a very sophisticated and smart piece of malware.
To make matters even worse, there really is no way to get rid of this virus once you are infected other than re-formatting your hard drive. So unless you have backups, you will have to start from scratch.
And even if you do pay and get the encryption key, people have reported a lot of issues with the decryption process. So even if you get your data back it will likely be corrupted and incomplete.
Here are the main things you need to know in order to protect yourself and your network from this:
If you get infected, immediately disconnect your machine from the rest of the network
Make sure you are no longer connected to the network, either by unplugging the network cable or by turning off the Wi-Fi connection. Otherwise, the virus will be able to spread to the rest of the company’s network.
Don’t reboot your machine
Rebooting will not get rid of the virus; it will only give it time to encrypt even more files.
Take necessary precautions with restrictions
You can implement software restriction rules on your computer that will prevent the executable file from running. However, this may cause problems with other, legitimate programs on your computer, and you will have to create exceptions to allow those programs to run as they should. Work with your IT support to make sure this is set up for your network, since it basically makes your system CryptoLocker-proof.
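As an added example (not part of the original post, and not a script we supplied to clients), here is what those software restriction rules look like when set by hand on a standalone, unmanaged Windows machine: the Safer policy keys get "Disallowed" path rules for executables under the user-profile AppData folders, plus one "Unrestricted" exception for a legitimate program installed there. The AppData drop locations and the ExampleVendor exception path are assumptions; on a domain these keys would normally be written by Group Policy instead.

```powershell
# Added example, not from the original post. Assumes a standalone Windows machine
# and an elevated PowerShell session. The AppData paths and the exception path
# below are assumptions; adjust them for the programs actually in use.
$Safer        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0        # SRP security level "Disallowed"
$Unrestricted = 262144   # SRP security level "Unrestricted" (0x40000)

function Add-SrpPathRule {
    param([string]$Path, [int]$Level, [string]$Description)
    # Each path rule is a GUID-named subkey under <level>\Paths with an ItemData value.
    $key = Join-Path $Safer "$Level\Paths\{$([guid]::NewGuid())}"
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name ItemData     -PropertyType ExpandString -Value $Path | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags   -PropertyType DWord        -Value 0 | Out-Null
    New-ItemProperty -Path $key -Name Description  -PropertyType String       -Value $Description | Out-Null
    New-ItemProperty -Path $key -Name LastModified -PropertyType QWord        -Value (Get-Date).ToFileTime() | Out-Null
}

# Base policy: everything allowed by default, rules apply to all users, DLLs not checked.
New-Item -Path $Safer -Force | Out-Null
Set-ItemProperty -Path $Safer -Name DefaultLevel       -Type DWord -Value $Unrestricted
Set-ItemProperty -Path $Safer -Name TransparentEnabled -Type DWord -Value 1
Set-ItemProperty -Path $Safer -Name PolicyScope        -Type DWord -Value 0

# Block rules: .exe files directly in, or anywhere below, the roaming and local AppData folders.
$blocked = '%AppData%\*.exe', '%AppData%\*\*.exe', '%LocalAppData%\*.exe', '%LocalAppData%\*\*.exe'
foreach ($p in $blocked) {
    Add-SrpPathRule -Path $p -Level $Disallowed -Description 'Block executables launched from AppData'
}

# Exception (placeholder path): a legitimate program that installs itself under AppData.
Add-SrpPathRule -Path '%LocalAppData%\ExampleVendor\ExampleApp\ExampleApp.exe' `
                -Level $Unrestricted -Description 'Allow ExampleApp'

# Review what is configured. Rules take effect at the next logon (or after gpupdate /force).
foreach ($level in $Disallowed, $Unrestricted) {
    $label = if ($level -eq $Disallowed) { 'Disallowed' } else { 'Unrestricted' }
    Get-ChildItem -Path (Join-Path $Safer "$level\Paths") -ErrorAction SilentlyContinue |
        ForEach-Object { '{0,-12} {1}' -f $label, (Get-ItemProperty -Path $_.PSPath).ItemData }
}
```

Because the exception rule is more specific than the block rules, SRP lets ExampleApp.exe run while everything else under AppData is stopped; any other legitimate program living there needs its own exception of the same shape.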
Make sure all of your important data is backed up, and that everyone in the company is saving their important work on the files that are being backed up. Once you are infected and you have to re-format your hard drive, having complete backups is going to save you time, money, and a whole lot of frustration.
Be extra cautious
When in doubt, always pick up the phone and call us right away. Better safe than sorry!
Are you scared yet? This is a really serious piece of malware, but we are working hard to help you make sure your network is protected and your backups are complete so that even if you do unfortunately get infected, you, and your network, will survive. If you want to discuss more about how to protect your network and how we can help, pick up the phone and give us a call (703) 264-7776.
To learn more about the CryptoLocker Ransomware, check out this article.