TO: All Our Valued Clients
FROM: Jim Burley at CT Norwalk
RE: Recent Virus Outbreaks
We wanted to bring to your attention a new and alarming type of computer “virus” which is being widely reported, called CryptoLocker or Trojan:Win32/Crilock.A. This is technically not a virus – like the “FBI virus” or “Moneypak virus” which we’ve seen way too much of, this is a malicious program that has to be installed on your computer.
The good news is, it’s relatively easy for us to fix this infection. The bad news is, there is a 99% chance that you will lose every single file, photo, program, and shred of data on your computer in the process.
Here’s a typical scenario of what happens and what you should avoid:
1) The CryptoLocker software gets installed on your computer. This most often happens either by letting someone who calls you claiming to be “from Microsoft Support” into your computer remotely, or from downloading “free movies” or similar illegal files from torrents, or from clicking on pop-up messages from the internet that may say things like “Your Computer Is Infected, Click Here To Remove Virus” or “Your Computer Is Running Slowly, Do You Want To Fix The Problem? Yes or No”. Clicking on these ads (even if you click “No”) or letting unknown techs into your computer remotely are the primary ways people get bad software put on their PC or Mac.
2) The CryptoLocker waits a random amount of time, then encrypts your hard drive. Encryption is usually a security measure – you might encrypt your own files to make sure no one can ever get to them, even if they steal your hard drive. When you encrypt files, no one else can ever read them unless they know your encryption key.
In this case CryptoLocker encrypts your hard drive, making all of your files inaccessible without the encryption key. Some previous viruses have also used encryption, but we were able to beat them because they left a copy of the key on your hard drive. With CryptoLocker, the only copy of the key is kept by the bad guys.
3) At this point CryptoLocker will stop your computer and post a screen demanding money – usually $300. Not only that, they demand the money within 72 hours or they will destroy the encryption key, making your data completely gone forever.

WHAT YOU CAN DO:
Unfortunately there are no good choices.
Option 1: Pay the criminals. DON’T. They could not care less if you lose your files. They will not help you. More likely they just demand a second payment. Even if they do unencrypt your files, keep in mind you’ve just informed the criminals that you are someone who will pay money when extorted, so they are more likely to target you in the future.
Option 2: “Nuke and Pave” – remove the virus, clean your machine, lose your encrypted files, restore from your data backup.
Option 2 will work well IF you have your files backed up. We can’t stress this enough – EVERYONE should have their files backed up, for many reasons. Every day we talk to someone who has lost important photos or business documents or financial data because their hard drive crashed, or a file was accidentally deleted. Now we have criminals encrypting your files via the internet.
Our advice: Keep your virus protection up to date (we recommend AVG Pro or ESET Professional), keep Windows patches up to date, have regular backups of all your important data, and never click on or download suspicious files from the internet, or believe anyone claiming to be “Microsoft Support” (or similar) when they call you.
For advice on solutions for your particular situation, feel free to call us anytime, and pass this on to a friend.
Jim Burley
Computer Troubleshooters of Norwalk
203-840-1287