Your Worst Computer Nightmare – CryptoLocker
Ransomware is a variety of malware that, once it infects a machine, claims to have encrypted the data on it or to have locked the victim out in some other way. The malware then tells the infected user that he or she must pay a ransom to unlock the files. There is never any guarantee that paying the ransom will unlock anything. CryptoLocker, however, really carries out the threat: it encrypts files stored on local hard drives and mounted network drives using public-key cryptography, then displays a message saying the files will be decrypted with the private half of a 2048-bit RSA key pair if a fee is paid through an anonymous payment service by a specified deadline, after which the attackers say decryption is no longer possible. Without that private key, which never leaves the attackers' server, there is no practical way to recover the files.
US-CERT issued an advisory this week warning businesses and consumers of the risks presented by CryptoLocker, which has been on the radar of security experts since late October. US-CERT says infections are on the rise and urges victims not to pay the ransom but to report the infection to the FBI's Internet Crime Complaint Center.
How the virus works – What does it do to your files? Who does it target?
CryptoLocker installs itself under the user's profile (Documents and Settings) folder and then searches the local and mapped drives for specific file types such as Microsoft Word documents and Adobe PDFs. It uses asymmetric encryption: the public key, which is stored in the virus itself, can only encrypt, and only the matching private key can decrypt. That private key is hosted on the attackers' server and is never present on the infected machine, which is why removing the virus does not undo the encryption.
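The following is an added illustration of the mechanism just described; it is not CryptoLocker's own code. The public key embedded in the "malware" wraps a fresh per-file key, and only the private key held elsewhere can unwrap it. Textbook 512-bit RSA with no padding and an HMAC-SHA256 keystream stand in for the real RSA-2048 and file cipher; the key sizes, primitives and sample file contents are assumptions for the demo.

```python
"""
Added illustration, not CryptoLocker's own code: the public key embedded in the
malware encrypts a fresh per-file key, and only the attacker's private key,
which never touches the victim's machine, can unwrap it. Toy textbook RSA
(512-bit, no padding) and a SHA-256 keystream stand in for the real
RSA-2048 and file cipher; key sizes and primitives are assumptions for the demo.
"""
import hashlib
import hmac
import os
import secrets


def is_probable_prime(n, rounds=20):
    """Miller-Rabin test; good enough for a demo key, not for production use."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random odd prime with the top bit set so p*q has the intended size."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def modinv(a, m):
    """Extended Euclid: a^-1 mod m (a and m assumed coprime)."""
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        q = old_r // r
        old_r, r, old_s, s = r, old_r - q * r, s, old_s - q * s
    return old_s % m


def generate_keypair(bits=512):
    """Return ((e, n), (d, n)); the binary ships (e, n), the C2 server keeps (d, n)."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (modinv(e, phi), p * q)


def keystream_xor(key, data):
    """Per-file symmetric cipher: XOR with an HMAC-SHA256 counter keystream (AES stand-in)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt_file(plaintext, public_key):
    """What the malware does per file: fresh 32-byte key, wrapped with the embedded public key."""
    e, n = public_key
    file_key = os.urandom(32)
    wrapped = pow(int.from_bytes(file_key, "big"), e, n)
    return wrapped.to_bytes((n.bit_length() + 7) // 8, "big"), keystream_xor(file_key, plaintext)


def decrypt_file(wrapped_key, ciphertext, private_key):
    """Only the holder of (d, n) can unwrap the file key; any other key yields garbage or None."""
    d, n = private_key
    recovered = pow(int.from_bytes(wrapped_key, "big"), d, n)
    if recovered.bit_length() > 256:
        return None  # does not even fit a 32-byte key: wrong private key
    return keystream_xor(recovered.to_bytes(32, "big"), ciphertext)


if __name__ == "__main__":
    public, private = generate_keypair()
    wrapped, ciphertext = encrypt_file(b"Q3 invoices.docx contents", public)
    # The victim's disk now holds only `wrapped`, `ciphertext` and the public key.
    print(decrypt_file(wrapped, ciphertext, private))
```

The point to take from running it: everything left on the victim's machine (the public key, the wrapped file key and the ciphertext) is useless for recovery, and a second, unrelated private key turns the wrapped key into garbage rather than the original key. Cleaning the malware removes the code that did the encrypting, not the need for the private key.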
We have noticed a high infection rate here in Baltimore County as well as the surrounding metro Baltimore area. This is serious business for these thugs, and for the first time this type of attack is being treated as organized crime.
How do I get it?
- As an email sent to company addresses pretending to come from FedEx, UPS, DHL or similar customer support. The virus is attached to the email, usually as a file named to look like a tracking number.
- In PDF documents, or files made to look like PDFs, that are attached to emails.
- Via hacked websites that exploit unpatched software vulnerabilities to install the infection when you simply visit the page.
- Through Trojans that pose as programs you supposedly need to download in order to watch videos online.
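Here is an added example, not from the original post, of screening a message for the first kind of lure listed above: a supposed courier notice whose "tracking number" attachment is really an executable, often a zip holding a file with a double extension such as `.pdf.exe`. The extension lists, the courier sender domains and the sample message are all constructed assumptions for the demo; only the Python standard library is used.

```python
"""
Added example (not from the original post): flag e-mails that carry the kind of
courier-themed attachment described above. Extension lists, courier domains and
the sample message are constructed assumptions for this demo.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar"}
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
# Couriers the post names as impersonated; the legitimate domains are assumed here
COURIER_DOMAINS = {"fedex": "fedex.com", "ups": "ups.com", "dhl": "dhl.com"}


def suspicious_name(name):
    """Reasons a single filename looks like a disguised executable."""
    reasons = []
    parts = name.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append("executable extension %s" % ext)
        # "tracking.pdf.exe" shows as "tracking.pdf" when Windows hides extensions
        if len(parts) > 2 and "." + parts[-2] in DOCUMENT_EXTENSIONS:
            reasons.append("double extension: looks like a %s document" % parts[-2])
    return reasons


def screen_attachment(part):
    """Check one attachment and, if it is a zip, every file inside it."""
    name = part.get_filename() or "(unnamed)"
    findings = [(name, r) for r in suspicious_name(name)]
    payload = part.get_payload(decode=True) or b""
    if name.lower().endswith(".zip") or payload.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    findings += [(name + "!" + member, r) for r in suspicious_name(member)]
        except zipfile.BadZipFile:
            findings.append((name, "claims to be a zip but is not"))
    return findings


def screen_message(raw_bytes):
    """Return a list of (where, reason) findings for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    display_name, address = parseaddr(msg.get("From", ""))
    for courier, domain in COURIER_DOMAINS.items():
        # Crude substring match on the display name; good enough for a triage demo
        if courier in display_name.lower() and not address.lower().endswith("@" + domain):
            findings.append(("From", "claims to be %s but sent from %s" % (courier.upper(), address)))
    for part in msg.iter_attachments():
        findings += screen_attachment(part)
    return findings


def build_sample_message():
    """Constructed lure in the style the post describes; not a real captured e-mail."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("Tracking_Number_1Z204E38.pdf.exe", b"MZ\x90\x00 not a real program")
    msg = EmailMessage()
    msg["From"] = "UPS Customer Support <support@ups-delivery-notice.example>"
    msg["To"] = "accounts@example.com"
    msg["Subject"] = "Delivery failure: package 1Z204E38"
    msg.set_content("Your package could not be delivered. See the attached tracking document.")
    msg.add_attachment(zbuf.getvalue(), maintype="application", subtype="zip",
                       filename="Tracking_Number_1Z204E38.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for where, reason in screen_message(build_sample_message()):
        print("%-45s %s" % (where, reason))
```

Running it against the constructed sample reports the mismatched sender and the `.pdf.exe` inside the zip. Real mail filters do this at the gateway and additionally block or quarantine executables and password-protected archives outright; the script shows the checks, not a replacement for that.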
Some versions of CryptoLocker are reportedly capable of encrypting not only local files but also files on removable media such as USB sticks and external hard drives, on network file shares, and in cloud storage services that sync a local folder with online storage (the sync then uploads the encrypted copies over the good ones). The US-CERT notification also warns that the malware can spread to other machines within a network and advises that infected users remove affected machines from their networks immediately.
Can Baltimore PC Repair remove the virus?
The techs and engineers here at Perry Hall PC Repair have had success removing the virus itself, but the encrypted files cannot be recovered without the attackers' private key, so honestly the best practice is to wipe the hard drive, reinstall, and restore your files from a backup made before the infection.
IMPORTANT SAFETY INFORMATION
- Beware of attachments – Always look at your attachments before opening them. If you get an email with an attachment from a sender you don't personally know, don't open it. If you get an attachment from someone you do know but it isn't something they would normally send, don't open it. For all other attachments, confirm with the sender (by phone or a new email, not by replying) that the file is legitimate. Keep in mind that Windows hides known file extensions by default, so a file shown as "tracking.pdf" may really be "tracking.pdf.exe".
- Back up your data – Always back up your data on a regular basis, and keep at least one copy disconnected from the computer, since a backup drive that stays plugged in or a cloud folder that syncs continuously can be encrypted along with everything else. If you back up daily or even weekly and are infected, you can wipe your hard drive and start again without losing much in the way of data.
- Know what to do if infected – If you are infected, the first thing to do is disconnect from the network (unplug the cable or turn off Wi-Fi) and unplug any external drives, to limit the chance of the virus spreading to other systems and shares. If you have backed up your system and data, you can wipe the machine and restore it. If not, contact us to see if we can help: we can remove the malware and check whether unencrypted copies of your files survive anywhere, but the encryption itself cannot be broken.