I’ve got “Crypto Paranoia”

Annoying viruses on our computers are something we have gotten used to dealing with, but there is a new and very malicious virus called CryptoLocker that is poised to cause serious problems. CryptoLocker is the latest and most damaging of a type of virus called ransomware, which are Trojan viruses that encrypt your files until you pay a fee (ransom). When the virus has finished encrypting your files, the alert shown below will appear giving you 96 hours (or four days) to pay $300 or lose all your encrypted personal files forever. 

[Image: Crypto Locker Virus ransom alert]


You might expect that collecting a ransom would make the hackers easy to track down, but it is not that simple. Since CryptoLocker demands payment through MoneyPak or Bitcoin, both of which are private, decentralized fund-exchange networks, it is almost impossible to follow the money.

How does your computer get infected?

A common method of infection is when the user receives an email with a file that has to be downloaded. According to the US Computer Emergency Readiness Team, this virus is often spread through emails that appear to be a tracking notification from UPS or FedEx. The user needs to open the email and actually download the zip file inside it. That zip file actually contains a double-extension file such as *.pdf.exe. The .exe extension is what lets CryptoLocker run on your computer, while the .pdf extension hides the file's true function. If you have any USB drives or back-up devices plugged into your computer, the files on them will be encrypted also. Many small businesses and individuals have shared drives, and CryptoLocker will also go in and encrypt those files.
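As an added example that is not part of the original post, here is a small Python check a mail administrator could run over an incoming zip attachment to flag the double-extension trick described above. The attachment contents and the file names (Tracking_Notice.pdf.exe and so on) are constructed for the example and contain no real program.

```python
import io
import zipfile
from pathlib import PurePosixPath
from typing import List, Optional, Tuple

# Extensions Windows treats as runnable; the LAST extension decides how a file runs.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Extensions an attacker prepends to make the file look like a document, as in *.pdf.exe.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def classify_name(name: str) -> Optional[str]:
    """Return a verdict for a suspicious attachment name, or None if it looks benign."""
    # Normalise Windows separators so zip members like "dir\\file" are handled too.
    suffixes = [s.lower() for s in PurePosixPath(name.replace("\\", "/")).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS:
        return "double-extension executable disguised as " + suffixes[-2]
    return "executable attachment"


def scan_zip(data: bytes) -> List[Tuple[str, str]]:
    """Open a zip attachment held in memory and list every member that deserves a block or a warning."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for member in zf.namelist():
            verdict = classify_name(member)
            if verdict:
                findings.append((member, verdict))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample mimicking a fake shipping-notification attachment (harmless placeholder bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Tracking_Notice.pdf.exe", b"placeholder, not a real program")
        zf.writestr("invoice.pdf", b"%PDF-1.4 harmless placeholder")
        zf.writestr("update.scr", b"placeholder, not a real program")
    return buf.getvalue()


if __name__ == "__main__":
    for member, verdict in scan_zip(build_sample_zip()):
        print(f"{member}: {verdict}")
```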

Computers infected with CryptoLocker may initially show no outward signs of infection; this is because it often takes many hours to encrypt all of the files on the PC and attached or networked drives. When that process is complete, however, CryptoLocker will display a pop-up message similar to the one pictured above, complete with a countdown timer that gives you a short window of time in which to decide whether to pay the ransom or lose access to the files forever. Unfortunately, at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom.

What do you do if you think your computer is infected?

When you suspect that a computer is infected with CryptoLocker, the first thing you should do is disconnect it from your wireless or wired network and turn it off. This will prevent it from encrypting any further files. Try to identify which files have been lost; hopefully you have backups of these files. Before you try to restore the files, you need to make sure the virus is completely removed from your computer. Most anti-virus programs will clean the virus. If you don't have file backups, check Windows System Restore, which sometimes automatically backs up the computer for you.

This virus is very destructive and currently there is no 100% effective way to prevent infection. The following guidelines can help minimize your chances of infection:

  • Be careful when opening zipped files sent to you, especially ones claiming to be from FedEx or UPS.
  • Regular file back-up – If you don't create back-ups of your files, now is a good time to start doing it!
  • If you back up your files to an external storage drive, be sure to unplug the drive from your computer when the backup has completed.