Friday, 15 November 2013

CryptoLocker Ransomware virus

This week we've come across a couple of instances of clients who have been infected by the "CryptoLocker" virus.

This virus has changed their desktop wallpaper to a message from CryptoLocker, which explains that the data on the computer has been encrypted and that the user has 96 hours to pay a ransom in order to have the data decrypted again.

This type of virus is known as "Ransomware", because you must pay a ransom in order to have your data returned to you.

The virus runs when you click an infected attachment in an email, or if you visit a rogue website. It isn't immediately apparent that you have been infected, as it slowly encrypts all of your data in the background, before announcing itself with the desktop message. Sneaky, huh?

In the case of the first client to report this issue, we were able to remove the virus and then restore all of their data from the Online Backup service that we provide them with.

Sadly, the second client didn't subscribe to this service, in favour of holding their backup on an external hard drive. As this was attached to the computer when the virus did its work, the external drive was also encrypted. Oops.

Whilst we could clean the virus itself off the computer, we weren't able to get any of their data back. The ransom requested is £200, so they are deciding whether or not to trust that paying out this money will actually lead to the data becoming usable again.

There are a number of lessons to take from this problem:

1. Always keep a backup copy of your data away from the computer. This may be through an Online or "Cloud" based backup system, or simply backing up to two separate hard drives, keeping one of them off-site at all times (in the car, for instance).

2. Take a backup copy on a very regular basis. It isn't enough to do this job weekly if you can't afford to lose the last week's worth of data.

3. Test your backup on a regular basis. Can you restore data if you have to? Rename a file and try to restore that file from backup. Do the two files match?

4. Viruses almost invariably come in emails these days. By far the most common method is via a "Zip" attachment. Who ever sends Zip attachments to you? Certainly not the banks, PayPal, the Government, or any parcel delivery companies! Don't trust any Zip attachment.

5. Never believe that the Sender address of an email is where it has actually come from, as this is easily spoofed. Emails which appear to have come from someone that you know and trust are an easy way for virus writers to fool you into opening their attachments. Read the text first and wonder, "Does that sound like this particular Sender, and why would they have sent me this attachment?" If the attachment is a Zip file, don't trust it!

6. If there is no attachment then the email may be trying to trick you into visiting a rogue website. Never click a link held within an email, but instead open your internet browser and go directly to the required website. (Keep your most used websites - such as online banking or PayPal etc. - in the "Favourites" or "Bookmarks" of your internet browser).
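
The restore test from lesson 3, written as a script. This is an added example, not part of the original post: it assumes you have restored a folder from backup into a separate location, and the function and script names are made up for this illustration. It checks that every original file has a restored copy with an identical SHA-256 hash.

```python
import hashlib
from pathlib import Path


def sha256_of(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_restore(original_dir, restored_dir):
    """Compare every file under original_dir with its restored copy.

    Returns a dict of relative paths grouped as 'ok', 'missing'
    (not present in the restore) and 'mismatch' (content differs).
    """
    original_dir, restored_dir = Path(original_dir), Path(restored_dir)
    report = {"ok": [], "missing": [], "mismatch": []}
    for src in sorted(p for p in original_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(original_dir)
        restored = restored_dir / rel
        if not restored.is_file():
            report["missing"].append(rel.as_posix())
        elif sha256_of(src) != sha256_of(restored):
            report["mismatch"].append(rel.as_posix())
        else:
            report["ok"].append(rel.as_posix())
    return report


if __name__ == "__main__":
    import sys

    # Hypothetical usage: python verify_restore.py ORIGINAL_DIR RESTORED_DIR
    if len(sys.argv) != 3:
        sys.exit("usage: verify_restore.py ORIGINAL_DIR RESTORED_DIR")
    result = compare_restore(sys.argv[1], sys.argv[2])
    for status in ("missing", "mismatch"):
        for name in result[status]:
            print(f"{status.upper():9} {name}")
    print(f"{len(result['ok'])} file(s) match")
    # Non-zero exit code so a scheduled task can flag a failed test.
    sys.exit(1 if result["missing"] or result["mismatch"] else 0)
```

A file edited since the last backup ran will show as a mismatch, so run the check straight after a backup completes. Matching hashes only prove that the restore returns what was backed up, not that the backed-up copy was healthy to begin with.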

If you're worried about your backup method and whether or not it is suitable then call us for a free check up. 01257 42 92 16
© Michael Donkin 2013