Everyday Tips from the ComputerMom - CryptoLocker Virus Alert

CryptoLocker is a form of ransomware that silently installs itself onto your computer and encrypts all of your personal files in a way that makes them totally unusable.  The virus creates a private key to unencrypt your files - then it sends that key to a remote computer controlled by the criminals who wrote the virus. 

Although the virus itself is relatively easy to remove, your files cannot be recovered without the key to unlock them, and you will not be given the opportunity to do so if the virus has already been removed from your system. The key is destroyed in a few days unless you pay the ransom.  A countdown timer tells you how long you have to pay, and the ransom is currently either $100.00 or $300.00.  There is a lot of information about Cryptolocker on the web but I want to distill this into some simple bullet points so you can really understand the risk.  

• If you get infected all of your personal files including documents pictures and music will be scrambled. There is currently NO WAY to fix those files once they are encrypted without paying the criminals for the key
• The virus spreads to all drives on your system, so if you have a backup drive or network drives attached at the time of infection your backup and networked files will be useless to you as well. This is a really serious risk for businesses with network drives and shared documents
• Up to date antivirus software will NOT fully protect you against this infection - the virus is designed to get around antivirus software and is constantly evolving and staying one step ahead.
• Antivirus software may remove the infection after your files are already compromised and thus make it harder for you to recover your files if you choose to pay the ransom
• CryptoLocker is designed to not reveal itself until AFTER your files have been encrypted and it's too late to stop the damage

CryptoLocker can be spread by malicious links in phishing emails or it can be installed by an existing virus infection on your computer. You can also get it via "drive by download" if you surf to an unsafe or hacked site. You need to be wary and be prepared.

• Be very cautious clicking on any links in emails, and make sure the "from" name matches the address of the sender.  Be especially suspicious of emails supposedly from shipping companies like FedEx, DHL and UPS.  Don't open any attachments you weren't expecting without questioning the sender
• Make sure your system is fully up to date and patched
• Uninstall old versions of Java from your computer
• Keep a current antivirus program on your computer and run scans regularly
• If you experience problems like frequent crashes, internet redirects, or system slowness you may need to call a technician and see if your system needs a complete cleaning
• Install a small utility, called CryptoPrevent from Foolish IT, that attempts to block the type of executable file used by CryptoLocker from installing on your computer. This software might block other programs from running but the protection is worth it - I've installed it on my own systems.  

Even if you do everything right you can still get this virus, so if you want to protect your data you must back up your computer and keep the backup separate from your system. Do it now, don't wait!

• Back up to an external drive, using either Windows backup software or the software that came with the drive. Don't forget, CryptoLocker will encrypt the data on any drive that is attached to your system, so only attach your backup drive when you are actively running the backup. For even more safety purchase several drives and rotate which one you use for backup
• Burn your most precious files, like resumes, tax records, and pictures, onto DVDs or CDs 
• Subscription based on-line backups services like Carbonite, Mozy and CrashPlan are good alternatives.  They keep several versions of backups but those can get overwritten by newly ruined files. If you get infected disconnect from the internet immediately, uninstall your on-line backup software, and call their customer service

This threat is serious, evolving quickly (there is now a “service” from the virus writers to recover files after the timer has run out for a mere $2100) and, according to the experts I have been following, only going to get worse.  So please, back yourself up in a secure manner, tighten your security, don’t click on links you don’t know or trust, and spread the word!

Julie Marto, the ComputerMom, has been providing friendly and personal technical support and training in Medfield and neighboring communities for over 16 years. For more information visit  http://www.thecomputermom.com/ or like her on Facebook 

To read more blog posts from the ComputerMom click here.