There is a “new” bug floating around the internet, and it’s called CryptoLocker.
Imagine you are pumping out work, getting things done… proud of your accomplishment, but little do you know, your personal files are rapidly being encrypted so that you can’t access them. Then all of a sudden an alert appears on your screen — you have 96 hours (or four days) to pay $300 or lose all your encrypted personal files FOREVER. A countdown is already ticking on your screen.
Yup, that’s CryptoLocker (also known as “Troj/Ransom-ACP”, “Trojan.Ransomcrypt.F”), the latest and most damaging Windows virus in a series of recent ransomware Trojans. The relatively large amount of money it demands, combined with the tight deadline, makes it far more aggressive than other similar viruses.
And unfortunately for computer users, it’s spreading more rapidly than any of its contemporaries.
According to the US Computer Emergency Readiness Team, it spreads through an email that appears to be a tracking notification from UPS or FedEx, though some victims said they got infected on the tail end of wiping out a previous botnet infection. And in case it wasn’t clear, you don’t need to be in the US to become infected.
Now, simply opening the email is not enough to spread the virus. You need to open the email and actually download the zip file inside it. Hiding inside that zip file is a double-extension file such as *.pdf.exe. The .exe extension lets CryptoLocker run on your computer, while the innocuous .pdf extension hides the file’s true function.
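A defensive check for the double-extension trick described above, as an added example that is not part of the original post: it lists the members of a zip attachment whose names end in a document extension followed by an executable one. The extension lists, function names and sample archive are assumptions constructed for illustration, and the check goes slightly beyond the *.pdf.exe case by covering other executable extensions and space padding before the real extension.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will execute when double-clicked (assumed list, extend as needed).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-like extensions used as the decoy part of the name (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def is_double_extension(name: str) -> bool:
    """True if the name ends in <decoy ext><executable ext>, e.g. invoice.pdf.exe."""
    # Normalise: take the base name, lower-case it, and strip padding spaces
    # that can be inserted to push the real extension out of view.
    base = PurePosixPath(name.replace("\\", "/")).name.lower()
    parts = [p.strip() for p in base.split(".")]
    if len(parts) < 3:
        return False
    real_ext, decoy_ext = "." + parts[-1], "." + parts[-2]
    return real_ext in EXECUTABLE_EXTS and decoy_ext in DECOY_EXTS


def suspicious_members(zip_bytes: bytes) -> list[str]:
    """Return the names of archive members that use a double extension."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist()
                if not i.is_dir() and is_double_extension(i.filename)]


def build_sample_zip() -> bytes:
    """Constructed sample attachment; every member holds harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("UPS_tracking.pdf.exe", "docs/Invoice.PDF      .exe",
                     "receipt.pdf", "setup.exe", "notes.v1.2.txt"):
            zf.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member in suspicious_members(build_sample_zip()):
        print("double-extension executable:", member)
```

A plain setup.exe is deliberately not flagged here, since the check targets only names that disguise an executable as a document.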
So what should you do? Run your antivirus software? Sure, but it’s “not a silver bullet.” Bottom line is make sure you keep regular and recent backups of all your files. This goes double if you’re a business that shares a drive or folder across multiple computers, since CryptoLocker is known to target shared files for encryption first.
How to remove CryptoLocker
Depending on the severity of the CryptoLocker Virus or how long the computer has been infected, users infected by ransomware will require different removal steps. Listed here are the options to remove ransomware for all stages of progression and all types.
1. CryptoLocker Removal Applications – Automatically clear out all infections and the Ransomware CryptoLocker Virus.
2. Manual CryptoLocker Removal – Remove associated CryptoLocker Virus files.
3. System Restore – Restore your computer to a time and date before the Ransomware CryptoLocker Virus.
4. Safe Mode With Networking – Manual infection removal and automated infection scan for the CryptoLocker Virus.
5. Flash Drive Option – Load antivirus (or AM) software to a flash drive, then scan for and remove the CryptoLocker Virus.
It’s all well and good to prepare, but what if you are already infected? Disconnect from the Internet or turn off the computer. This is the first order of damage control. But know that the only thing turning off your computer does is keep the virus from continuing to infect. In fact, unplugging your computer may save some of your files, if the virus is still in the process of infecting them.
Next, you need to figure out what damage has been done. Which files have you lost? Do you have backups of these files? If you don’t have backups, have you checked Windows’ System Restore files, which sometimes automatically back up the computer for you?
If you do have a backup, it’s time to wipe your computer of the virus.
Fortunately for you, just about every antivirus vendor has a CryptoLocker cleanup tool. Work with your regular antivirus software, or follow a tutorial.
* CryptoPrevent, a tool from a good Samaritan that attempts to shut down CryptoLocker before it starts by stopping computers from downloading double-extension files.
* Other tips and steps to remove
* Restore your backup, and you should be set. Just don’t click on any more dodgy emails.
Does Paying Ransom Work?
Overall you should never pay these guys ransom. Why? It’s just going to encourage malware authors to create similar viruses.
But let’s say that for whatever reason you don’t have a backup and do want to pay the ransom. The criminals behind CryptoLocker make it very easy to do.
Even if you haven’t made your payment before the deadline, they’ll still let you pay. Only this time, instead of $300 it will be upwards of $1,000.
Since victims have reported that paying the ransom does work, this is your best hope for getting the encrypted files back. There’s no way to track the criminals through the decentralized currency they’re accepting payment through, and their encryption methods are simply too strong to unlock without a decryption key.
With no way to prevent CryptoLocker in sight, the most important thing is to make sure people know about the virus before they get infected.
So, awareness is the first step. Make sure your employees, or your family, know this virus is out there, know NOT to open foreign emails that they are NOT familiar with, and know to contact your technical support team immediately.
And if you don’t have a technical support team, I highly suggest that you contact Guaranteed Technical Services and Consulting (GTSAC) immediately. We can be reached at 708-481-4055; ask for Steve Fitch.
30 Second Technology
“Technical lifestyle expert…
…making tomorrow’s technology understandable and useable today!”