You open your email and find a package tracking notification. You start to think… hmm, did I order Aunt Sally something this weekend? The holidays are coming up, so you might have. After a few seconds of thought you see the PDF attachment and decide it must be the receipt that will tell you what you purchased, so you leave it downloading and continue to work. Little do you know you have just downloaded one of the fiercest viruses of our time, and your files are rapidly being encrypted so that you can no longer access them. Talk about a bad day: not only can you not access your files, but now you have to pay a ransom of $300 within 96 hours or lose your data forever.
This is the CryptoLocker virus, one of the most damaging ransom malware Trojans out on the net. We sat down with Tom from KC Computer Support, one of Kansas City’s computer repair shops with the most history, to find out what this virus truly does, how to prevent it, and how to get rid of it.
This virus surfaced in September of 2013, relatively late, and with good reason… the holidays. Most people nowadays knock something off their holiday shopping list online, so why would they think twice about a tracking notice email? It won’t be long before we start seeing this virus using Amazon or eBay as a decoy to spread. The malware arrives as a legitimate-looking attachment, so you literally download the virus onto your computer yourself. It targets all files, doing away with shared ones first. Once your files have all been successfully encrypted, a message is displayed that offers to decrypt your data if a payment is made through Bitcoin or MoneyPak.
You’re sending money, so it should be fairly easy to track these guys down, right? Wrong. Both Bitcoin and MoneyPak use decentralized currencies, so it is very tough to pinpoint the location of these criminals and where the money is going. All attempts have led to IP addresses that keep bouncing around and lead nowhere; the truth is the trail is too long to follow for $300. You have 4 days to pay the ransom of $300, which online equals 2BTC. Even if you do not pay within the deadline you can still recover your data, but now it will cost you 20BTC. You can do the math… a ridiculous amount of money.
Although experts say that the ransom should not be paid, there is no way to actually decrypt the data. There are ways to delete the virus, but your files will still be encrypted and inaccessible. Some victims say that paying the ransom is the only way to recover data that has not been backed up, but they’re criminals, so how are we to know that they’ll actually do as they say? That being said, do not give in.
The malware has been known to attack PCs running XP, Vista and Windows 7, but it would be no surprise if it starts infecting Windows 8 or Macs. If an attack is suspected, there are a few things you can do in order to slow down the process or stop it where it’s at. Unplugging your computer can help you save some of the files that have not been infected already. Keeping a backup of all of your data is a MUST in a world that is now dominated by all things digital, so if you want to invest in anything this holiday season, an external hard drive would be a long-term investment that could save you a lot of headaches.
This malware uses a double extension, and there is a program available, called CryptoPrevent, that can detect such downloads and stop them before your computer is infected. Once an attack is detected, immediate removal is advised in order to protect as much data as possible. Seeking help is always a good move, especially in situations in which all of your data and photos are at risk.
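To make the double-extension idea concrete, here is an added example (not CryptoPrevent's code, and not from KC Computer Support) that flags attachment names where a document-looking extension is followed by an executable one. The extension lists, function names and sample filenames are assumptions constructed for this illustration.

```python
import re

# Assumed lists for this example; adjust them for your own mail filter.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "zip"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}


def is_double_extension(filename):
    """True when a harmless-looking extension is followed by an executable one."""
    # Keep only the last path component, whichever separator was used.
    name = re.split(r"[\\/]", filename)[-1]
    # Windows ignores trailing dots and spaces, so drop them before checking.
    name = name.rstrip(" .")
    # Strip padding spaces used to push the real extension out of view,
    # and compare case-insensitively.
    parts = [p.strip().lower() for p in name.split(".")]
    if len(parts) < 3:
        return False  # a single extension, or none at all
    return parts[-1] in EXEC_EXTS and parts[-2] in DECOY_EXTS


def flag_attachments(filenames):
    """Return the names that should be blocked or quarantined, in input order."""
    return [f for f in filenames if is_double_extension(f)]


# Constructed sample data, not taken from a real incident.
SAMPLE_ATTACHMENTS = [
    "Tracking_Notice.pdf.exe",
    "receipt.PDF      .scr",
    "holiday-photos.zip",
    "report.v2.pdf",
    "setup.exe",
    "C:\\Users\\a\\Downloads\\invoice.doc.exe.",
    "notes.txt.js",
]

if __name__ == "__main__":
    for name in flag_attachments(SAMPLE_ATTACHMENTS):
        print("BLOCK:", repr(name))
```

Windows hides known file extensions by default, so the first sample would show up as `Tracking_Notice.pdf`; turning on "show file extensions" makes the same check possible by eye.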
The biggest point to take away is to never give in to extortion: the more people that pay the ransom, the more incentive there is for these criminals to develop more of these viruses.
For more information on this virus, others, or if you suspect there is something creeping between your files, contact KC Computer Support for immediate assistance at (913) 541-0001 or visit their website at www.kccomputersupport.com.
Staying Virus Free, your Kansas City Business Blog.