Friday, April 25th, 2014
I am sure most people are aware that there are some pretty nasty bugs and malware being sent around the Internet.
Some hijack your email and send spam to your address book, others are designed to sit secretly in the background and simply use your systems resource and internet connection as a gateway to send spam or process tasks in the background. Some try to steal your identity or personal information either through logging your key strokes or duping you in to entering personal details into a fake website. Some will try to ‘break’ your system by changing settings or files .
Now, these are not nice and can be a nuisance to get rid of. Generally, any decent anti-virus product will protect your system and stop these programs from running or at least stop them in their tracks. You can then restore any damaged or missing files from your backup, though normally any data will be retrievable anyway, even in the case of a complete reload of the system.
There is one virus however, which can cause the loss of all your data and files and for which there is currently no known resolution apart from paying a lot of money – and even that will not guarantee a return of your data.
The CryptoLocker virus sits dormant on an infected machine until that system is rebooted. This then triggers a file to run on restart which secretly works its way through your files encrypting them and making them unreadable. Not only will it work its way through your hard drive, but it will search through any mapped network drives or connected USB drives encrypting them also.
As a final nail in the coffin, it will attempt to delete and disable any historical shadow copies, just to make doubly sure you have no way of retrieving your precious data.
Only when it has finished will it display its message on your desktop to tell you your system is infected and with details on how to pay and retrieve the key to decrypt your data.
So, how can you protect yourself? Generally the virus is transmitted via an email attachment. These are appearing more and more genuine and those we have seen include Companies House submission reports, Bank statement notifications, delivery instructions from major courier companies and HMRC tax return notifications. The attachment pretends to be a pdf document but is in fact an executable file which runs and then infects.
Firstly, do not open or even preview an email you are not expecting from these sort of sources. If in doubt, delete it.
Secondly, make sure you are running up to date, valid anti-virus software. This will help to pick up any known executable files as they run on your system.
Thirdly, there is a small application, written by FoolishIT LLC which can be installed on a PC to help protect against this particular threat. It stops certain file types running in certain locations on your PC. This will help to protect against the virus but may possibly impact some other 3rd party software also. You can download CryptoPrevent from the following page: http://www.foolishit.com/download/cryptoprevent/
Finally, make sure your system is regularly backed up but, if you back up onto a USB disk, do not leave this permanently attached to your PC. Depending on how you back your files up, this could become encrypted also should you be infected.
Should you be unfortunate enough to be a victim of this virus, and you simply must try to retrieve your information, you have a limited time to follow the instructions and decrypt your files. Currently, there is no other alternative to retrieving any encrypted data. Success rates vary and paying the ransom does not guarantee your files will be saved. If you do want to take this route, then do not make any attempt to clean your system until you have tried to decrypt your files. If you remove the key files from your system then you could end up having to pay more money or not be able to decrypt your files at all.
For more information on keeping your systems safe and secure, please contact us.