Cryptolocker Ransomware Virus – Back Again!
363 days ago I posted about this latest twist in the schemes of hackers to extort money from computer users. During the course of the last year, some programs were written that could get the virus out and decrypt the files on the hard drive since the original writers of the virus left the key on the hard drive.
This year, the virus writers got better, smarter and more nefarious – they have figured out how to not leave that information on the hard drive after infecting and encrypting all of your data.
(If you click on something for an install, it won’t matter what Antivirus you have on the machine. The installer is OK'd and the Antivirus thinks you have said it’s good. Oops. You just accidentally infected the machine. Some innocent-looking programs actually install the malware and toolbars without your consent and then the machine crawls to a halt with the other infections brought in. Don’t install any program unless you have gotten it from a reputable source.)
Last week I got a call from a client visiting Hawaii with his laptop. He got the virus from an infected page in Earthlink. (I thought Earthlink was nearly extinct?)
After a few hours of working to remove the virus remotely, the data was totally encrypted but the virus and anything else suspicious was removed. The machine was at least usable until I could get it back into the shop and go through it in person. We had to create a new email profile since the Outlook file was encrypted and unusable.
The Twist – this year they require victims to download software from TOR in order to pay them and, supposedly, get the encryption key so you can access your files again. Unfortunately, not everyone gets their key after they pay. Most people do not know how to install and configure TOR, which, as of late, is under careful scrutiny from most law enforcement agencies globally. There are all sorts of anarchists and terrorists sharing data and information over that network. I would rather lose my data.
The files are completely lost, including the Outlook PST data files, all of the pictures and all of the videos and documents stored on his hard drive, as the virus went through the drive while he had it on.
So where am I going with this?
First: make sure you have System Restore turned on. Sometimes this is the only method of getting encrypted files back if they are not backed up. Do not use System Restore until the infection is REMOVED from the operating system, the hard drive and other hiding places. Otherwise the machine will just get reinfected.
Second: BACKUP BACKUP BACKUP! I cannot stress this enough. If we have the data remotely stored on a hard drive or cloud backup, or preferably BOTH, then we can replace the data with less loss, such as a picture or two that goes missing from the restore set.
Third: Call someone if you have some strange errors on the screen and TURN the computer OFF! It cannot get too deep if the power is turned off almost immediately.
Fourth: Unless you are really good at virus removal, you might make matters worse! This is true for most infections that I have seen. One client brought a computer in that he worked on for four hours. It took me another 3 to get it cleaned up as the virus kept getting deeper and deeper into the operating system.
Worse yet – some cleaners that come up in the search results are VIRUSES!!! I have had clients install more than one fake virus cleaner only to spend hours scrubbing the computer system up. Please, let a pro handle the recovery.
Last of all: If you can set your computer back to factory default and don’t mind losing everything, this is another option. It will be just like starting over as if new.
(Exception: one program in Windows 8 that advertises itself as a replacement Menu is really a virus (Pokki), and when I factory reset the Windows 8.1 laptop, the virus got right in as the machine was being reloaded. It had put a copy of itself into the factory image on the restore partition. If you are using Microsoft as the online storage in Windows 8, it will back up everything including viruses and then happily restore the viruses as well.)
BUT I can almost always get the infection out without the loss of data. In fact, 90% of the computers that I have cleaned do not require reformatting the drive or any loss of data.
So are you backing up? Here’s what most of my clients are using, from doctors to lawyers and everyone in between: http://www.idrive.com/p=scott_pam
With that free 5GB service the most important documents and photos can be stored. Upgrades to 1TB of backup space are under $50.00.
External backup drives are also incredibly cheap with up to 4TB of storage going for under $200.
So, how important is your data? How important is your computer in your business? In your home? How important are those pictures?
Make sure you are backing up regularly.
Is your AV solution on and working? Have you run regular scans?
If you need help, CALL! I am here to be of service to my clients and those they refer to me.
Scott PC-ASSIST/MAC-ASSIST (760) 969-0974