Ransomware / Cryptovirus Be cautious

What is ransomware and how bad is it?

CryptoLocker Ransomware is a fairly new virus spreading around the internet. I’m writing this post because it is a bad and possibly irreversible virus spreading through the internet.

 

As with any virus, you can get this through file sharing or by opening attachments in unknown emails.

The safest way to avoid this is to not open any files that you don’t know the source of. Unfortunately there are many phishers out there that make their emails or websites look very legitimate.

How does this infect your computer?

After the file is executed, the virus runs in the background and starts to encrypt your files (including network drives, USB drives and anything attached to your computer). It uses a uniquely generated key (password) to encrypt all your files.
Once the encryption has finished you will be presented with a nice popup that looks like the following.

[Image: CryptoLocker]

 

Once you see this, you are probably too late

At this point there are 2 choices.

  1. Pay the ransom before the timer runs out, and get your files back.
  2. TRY to restore your files from a backup. This method is only going to work if your backup hasn’t been encrypted. You can try to restore your data, but remember that the time limit still applies if the backup fails and you then choose to pay.

How to protect yourself.

There are some preventative measures we can all take to stop CryptoLocker, or any ransomware virus, from even starting on your computer.

In order to understand how to stop it, I will give a very brief explanation of how it works.

Once you activate the virus, it saves itself as a randomly named file in your “AppData” folder and then deletes your System Restore backups by hijacking your registry. It does this because you could otherwise use System Restore to recover your unencrypted files. Once the restore points are deleted, it returns your registry to normal. You may not even see what just happened.

Before I go any further, I will say that at this point you're basically screwed. Sorry, but if this has happened, you have to choose between the pay or try-to-restore options mentioned above. If you try to delete the infected file from your computer, it will delete your private key (password) from its server and you will never see your data again. Be careful!

To prevent this, we can set the computer to not allow any .EXE files to run from your “AppData” folders, so the virus cannot even run. This can cause some unwanted side effects when trying to install from websites. Just download these installers instead of clicking RUN on those websites.
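
The check below is an added example, not code from this post or from CryptoPrevent: given a list of program paths, it previews which ones a "no .EXE from AppData" rule would stop, so you can spot the side effects before turning the block on. The sample paths (including the random-looking file name) are constructed, and it assumes user profiles live under `<drive>:\Users\<name>`.

```python
from pathlib import PureWindowsPath

# Constructed sample input: image paths of started programs, as a
# process-creation log would record them. None come from the original post.
SAMPLE_PATHS = [
    r"C:\Windows\System32\notepad.exe",
    r"C:\Users\alice\AppData\Roaming\Kqzvxtwp.exe",         # random name, AppData
    r"C:\Users\alice\AppData\Local\ExampleChat\update.exe",  # legit-looking updater
    r"C:\Users\alice\AppData\Roaming\notes.txt",             # not an executable
    r"C:\Program Files\AppData\tool.exe",                    # "AppData" outside a profile
    r"c:\users\bob\appdata\local\temp\setup.EXE",            # Windows paths ignore case
]


def appdata_relative(image_path):
    """Return the path below AppData for a .exe stored inside a user
    profile's AppData folder, or None if the block would not apply."""
    p = PureWindowsPath(image_path)
    parts = p.parts
    # Assumed layout: <drive>, Users, <name>, AppData, ..., file.exe
    if p.suffix.lower() != ".exe" or len(parts) < 5:
        return None
    if parts[1].lower() != "users" or parts[3].lower() != "appdata":
        return None
    return str(PureWindowsPath(*parts[4:]))


def preview_block(paths):
    """Split paths into those the block would stop and those it leaves alone."""
    blocked, allowed = [], []
    for path in paths:
        (blocked if appdata_relative(path) else allowed).append(path)
    return blocked, allowed


if __name__ == "__main__":
    blocked, allowed = preview_block(SAMPLE_PATHS)
    for path in blocked:
        print("would be blocked:", path, "->", appdata_relative(path))
    print(len(allowed), "paths unaffected")
```

Anything in the "would be blocked" list that you recognise as software you use is a side effect to plan for before enabling the block.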

There is a FREE tool that makes these little tweaks for you, and a paid version (that includes free updates notices), but the free version works perfectly fine.

If you want some more info on this virus, you can check out Bleepingcomputers.com's in-depth information page on it. It will also tell you how to protect yourself.

For the non-tech user, here’s a link to the tool I use to protect people from it. It's 100% free to use.

Foolishit.com created this tool – CryptoPrevent

If you do not feel confident installing this, you can contact me and I can set up a time to help you install it, or install it for you.

Remember to keep your antivirus and malware software up to date, and scan regularly.