You may be aware of a new ransomware known as Cryptolocker. Yes, you read correctly: it is ransomware that can infect your PC or servers in the form of a Trojan, virus, or phishing attack. It renders your files and folders unreadable by encrypting them. The software first sniffs out your personal office documents, photos, music, etc.; the program then demands that you pay $300 to receive the security key to decrypt your files and folders.
A few questions & answers:
Should I pay the ransom? No. Your issues will go from bad to worse. First, there is no guarantee that you will receive a key to decrypt your files. If a software attacker will resort to holding your data hostage, imagine what he can do with your banking or credit card information.
Isn’t it possible to otherwise recover my files? It’s highly unlikely. Cryptolocker can create irreversible data loss by infecting the PC and then encrypting your data. Encryption manipulates good data into secret code; without the security key, your files and folders are still present but cannot be opened, read, or otherwise used.
What should you do first? Be proactive. Back up your files and folders to Blu-Ray, DVD, or an external hard drive. Don’t wait until your device is infected to do so. Caution: If you back up to an external drive, do not leave it connected to the PC. Once you have backed up your files, disconnect the drive. Take advantage of the CATRS Technology Services–we can perform backups for you. Contact us at (850) 224-7713.
What software security modifications should I be sure to make on my PC? Make sure that your PC has antivirus and antimalware software installed and updated. Make sure that Windows is up-to-date with all current security updates and patches. Make sure that your firewall is turned on and operating correctly.
Why the rush? Couldn’t I just have my IT person remove the virus? Yes, it’s possible to remove the virus; however, a lot—if not all—of your files would have already been encrypted by the ransomware.
Will my antivirus detect the virus? This variant of the virus is relatively new. Security companies and antivirus manufacturers are working on solutions to detect the virus, but do not have one yet. Malwarebytes antispyware has had some success with at least removing it. Keep in mind, if your files and folders are encrypted there is no way to decrypt them.
I have a Mac; I’m in good shape, right? No. This has affected Mac users as well.
If my PC is infected, what steps can I take to prevent it from spreading? Turn off the PC immediately! The infection can be spread across networks to other connected PCs, servers, and devices. Therefore, unplug the network cable from the infected PC. If the PC is connected to the network wirelessly, disable the wireless network adapter.
What safe PC habits should I form to avoid infection? Do not open an attachment unless you were expecting one from that sender. Do not click on hyperlinks from untrusted sources. This includes emails from financial institutions and shipping companies like UPS and FedEx. Do not allow USB flash drives to be inserted into your PC before first scanning them for the ransomware.
Are cloud backup services like Carbonite and Mozy sufficient for backups? No. If the PC has been infected, then these online services will still be backing up encrypted (unreadable) files and folders.
If the virus has been removed, should I feel confident adding new files and folders to my PC? This depends on your confidence in the person removing the virus. The only way of making 100% sure a computer is no longer infected is to have your technician perform a clean install of the operating system and supporting software. If you have uninfected backups, this is the preferable course.
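The cloud-backup answer above warns that a sync or backup run will happily copy encrypted files over good ones. The following is an added example, not part of the original article: a pre-backup check that flags files whose first bytes no longer match their extension. The 5% threshold, the function names and the sample files are assumptions made for illustration.

```python
import os
import tempfile

# Leading "magic" bytes of some common document and photo formats.
MAGIC = {
    ".pdf": b"%PDF",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".docx": b"PK\x03\x04",   # Office Open XML files are ZIP containers
    ".xlsx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
}

def header_ok(path):
    """True if the header matches the extension, False if not, None if unknown type."""
    sig = MAGIC.get(os.path.splitext(path)[1].lower())
    if sig is None:
        return None
    with open(path, "rb") as f:
        return f.read(len(sig)) == sig

def scan(root):
    """Walk root; return (number of files checked, sorted paths with a bad header)."""
    checked, bad = 0, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ok = header_ok(path)
            if ok is not None:
                checked += 1
                if not ok:
                    bad.append(path)
    return checked, sorted(bad)

def safe_to_back_up(root, max_bad_ratio=0.05):
    """Assumed policy: skip the backup run if over 5% of checked files look damaged."""
    checked, bad = scan(root)
    return checked == 0 or len(bad) / checked <= max_bad_ratio

def demo():
    """Constructed sample folder: two healthy files, one whose content is scrambled."""
    samples = {"report.pdf": b"%PDF-1.4 sample", "photo.jpg": b"\xff\xd8\xff\xe0 sample",
               "budget.xlsx": b"\x8f\x1c\xa3\x55" * 16, "notes.txt": b"plain text"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        checked, bad = scan(d)
        return checked, [os.path.basename(p) for p in bad], safe_to_back_up(d)

if __name__ == "__main__":
    print(demo())
```

A failed check is a reason to stop the backup job and keep the previous backup set untouched until the PC has been examined; a passing check does not prove the PC is clean.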
Make no mistake–this variant causes severe data loss. If your files are encrypted, it is worse than actually deleting the files.
Manager of Association Technology