Cryptolocker Virus Email Information

I wanted to make sure that you were aware of a really bad virus that has been making its rounds and has infected one of my Dunwoody clients.  The virus is call Cryptolocker.  The way that you would get infected is by opening a SPAM email that has a .zip file attachment and proceeding to open the file in the attachment, usually looking like a .pdf file.  Once you’ve been infected, you will see a screen like the following:

cryptolocker

If you see this screen, you have already been infected.  What this very malicious virus does is to encrypt your files and if you don’t pay them $300 within 72 hours, your data is permanently encrypted.  It will also worm around your network looking for other places to infect.  There are several blogs/security websites that talk about paying the ransom / not paying the ransom.  Personally, I wouldn’t do it, because it doesn’t guarantee anything.  If you hand over your wallet to a mugger does it guarantee that you won’t get assaulted?  Maybe, maybe not.

So, what can you do once you remove the virus?  If you have taken my recommendation for Carbonite (www.carbonite.com) as an online backup solution, you need to contact Carbonite and tell them you need to do a full restore of your data from a point in time PREVIOUS to your attack.  Ask for higher level of technical support if the person on the support line doesn’t know what you are talking about.

There are many ways to remove the infection but not the encryption of your data.  The removal is easy.  The unencrypting, as of right now, is IMPOSSIBLE.  DO NOT hire a company off the internet who claims to be able to fix this issue.  They are all bogus and you will be wasting your money.

So, how do you prevent yourself from getting infected?  First, don’t EVER open a file in an email if you can’t verify who it’s from.  Make sure your antivirus is paid up (if commercial) and up to date.  No, I can’t respond to you and tell you what’s up with your current state of your system.  I would have to see it to make that determination.  Also, this virus does not by it’s nature affect smart phones, tablets, or Macs.

My current recommendation for Windows XP, Vista, and 7 is Microsoft Security Essentials.  It’s free and it does a great job.  I don’t know yet if MSE would have stopped this.  This client happened to be using McAfee and was having computer issues so another technician working on his computer regarding a whole separate issue MAY HAVE turned off his antivirus program and forgotten to turn it back on when he was done working.  If you have Windows 8, it comes with Windows Defender (renamed Microsoft Security Essentials) and it works as well.  If you have commercial grade software, I recommend Norton over AVAST, AVG, McAfee, Trend Micro, and others.

More information at these web sites:
http://en.wikipedia.org/wiki/CryptoLocker
http://www.theguardian.com/money/2013/oct/19/10-ways-beat-cryptolocker-protect-files
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Comments are closed.