Tuesday, January 14, 2014

Cryptolocker Virus Alert

I normally do not panic about new virus alerts, but this one has caught a lot of attention because of the potential destruction.
The links in this page are safe, but they are a perfect example of how viruses spread through email. Do not trust unknown links (except for these). One way to verify a link is to hover over it with your mouse; the destination address should appear in the bottom left corner of the browser window.

What does this virus do?

When this virus infects a system, it immediately encrypts the user's data and possibly the data on any external drives (such as USB/thumb drives) or network share drives to which the machine is currently connected. Once the data has been encrypted, the virus prompts the user to pay money ($300) by a specified deadline to decrypt the data. If there is no response before the deadline, the key to decrypt files specific to the encrypted machine is destroyed. Once the files are encrypted there are no other alternatives EXCEPT to recover the data from an offline backup. Read more here

Will your Antivirus program protect you?

At this time, both Vipre and other major antivirus vendors have updated signatures for this virus and prevent its infection. However, they do NOT have a way to decrypt the files once they have been encrypted. It is critical that you keep your antivirus active and updated daily. Antivirus programs are still not 100% foolproof, and the best defense is user education and excessive caution when opening email attachments or files downloaded from the internet.

What can you do to protect your computer and your data?

  • Do NOT open attachments from people you are not expecting to get attachments from. This includes emails from printers saying they have sent you a scanned document, or from shipping companies stating there is a customer support issue.
  • Continue to keep your antivirus signatures updated.
  • Importantly, the only sure way to beat this virus and others like it is to make regular backups of your data and store them offline. If you back up your files to an external hard drive, do not leave it connected to your computer unless a backup is in progress.

What should I do if I get infected?

  • Immediately turn off your computer by holding the power button down for 10 seconds.
  • Do not attempt to move files or circumvent the problem.
  • Immediately contact your local computer support group.

What should I do at home?

  • Back up your important data regularly to an external USB drive, and keep the drive disconnected.
  • Be sure you are running up-to-date antivirus software.
  • Scan your computer now for malware and rootkits.
  • Do not trust links or attachments sent through email unless you are absolutely sure of what you are downloading.
  • Do not connect to an office network or VPN if you are unsure that your computer is clean.

What about other devices?

At this point Linux, Apple and Android computers and devices are not affected.
Cloud storage such as Dropbox, Google Drive, etc. can be affected by this and other viruses if an infected computer is synchronized.
