Beware CryptoLocker Virus!

I typically don't like to put out a warning every time a new virus rears its ugly head.  I worry that by issuing a warning about specific computer viruses that it creates the perception that people should only worry about viruses we talk about it - instead of being constantly on the alert.  

The sad reality is that hundreds of viruses and variants of existing viruses are flung onto the Internet every single day.  So, raising an alert about one particular virus seems silly in some respects.  However, in this case, I think that reminding people of the need to be ever vigilant by talking about this particular piece of nasty is worthwhile. 

I spent much of my Thanksgiving weekend recovering about 50,000 files that were damaged by one single infection of the virus generally called CryptoLocker.  Here's what it does.   First, it applies strong encryption to any documents (Word, Excel, PDF, etc) it can find on the host computer or any network shares.   This encryption essentially makes the files unreadable (unless you have the decryption code).   Second, the virus posts a ransom message asking for $300 on the user's computer!  It's simply a 21st century shake-down. 

Apparently, if you pay the $300 (through untraceable online payment methods) they will decrypt your files and make them accessible to you again.  Sometimes, though, the decryption doesn't work - they didn't spend as much time developing the decryption component as they did the encryption part.  Scary huh? 

You can't decrypt the files on your own.  Your only option, if you don't want to pay the ransom, is to restore your files from backup (which is what I did for this particular client).

How did they get the virus?  It's hard to tell but it appears this one can come from various sources.  It could have been from an attachment on an e-mail, or from an infected website, or maybe it was dropped by another virus.   

But, you say, it couldn't happen to you because you have antivirus installed.  Right? Wrong!  The major antivirus software vendors don't seem to be able to catch this virus before it does its damage.   Now, that's scary!    The good news is that there is a way to block the virus by making a configuration change on your network.  If you're a client of ours, we've already done that for you.  If not, contact me and I'll tell you how.

The bottom line?   It's always education and awareness.  People need to be suspicious of unexpected file attachments.  They need to understand that banks, couriers nor Microsoft will e-mail you asking for credentials or information.   It's common sense.  If you aren't sure about a website or an e-mail, then pick up the phone and call.  Be suspicious.  A little bit of paranoia can save you a lot of headaches and lost time.

As always, I welcome your comments and questions.