November 2013 - CrytoLocker
This is not a new idea, but this time round it has been properly thought out, and is a real menace. The intruder program encrypts all your files with proper military grade enryption. The decode key is then sent to secret server somewhere well outside the European Union. Without this key your files are gone forever. The only way to obtain this key (allegedly) is to pay the ransom demanded by the criminals. That’s not a course of action we advise, as we don’t know it will work, but we do know you will have handed your card details over to a criminal gang.
Please note that the program will encrypt ALL the files it can see - whether they are on your PC, a server, or your backup drive (if it is plugged in while the malware is active). You will loose the lot. There is no comeback. Gone forever. Dead.
The ONLY viable recovery from an attack is a restore from an (unencrypted!) backup.
Here are the steps you must take to minmise the risks you are running:
1. Backup regularly. (You will need multi-generational backup to be safe). Don’t leave your backup drive plugged in when not in use.
2. Make sure your operating system (Windows/iOS) is fully patched.
3. Make sure your AntiVirus is a current version & fully updated.
4. Do not open any email attachments you don’t recognise (UPS delivery notes, PayPal payment details, bank password reminders).
5. Train your staff - it’s nearly always someone else who triggers the infection.
Here’s some other stuff to think about:
|
Question:
|
Answer
|
|
Won’t my AntiVirus stop it?
|
Maybe, maybe not. The malware is a bone-fide application. Encrypting data is a fairly normal thing to do (Government laptops left in Taxis?), so if you choose to encrypt your data the AV program has no reliable way of telling whether it’s intentional or not.
|
|
My AntiVirus is from 2009, but it updates every day. Is that OK?
|
My shield and sword are polished every day, but I’m not relying on them to stop a 60 ton battle tank.
|
|
I habitually logon as an Administrator. Does that help?
|
Not only has it encrypted all your own files, it will have encrypted everybody else’s, and the system files, Exchange database, the lot.
|
|
I have an email that might be genuine, but I’m not sure. What do I do?
|
Find a PC that you don’t mind re-formatting. Make sure it has no network connection. Move the email (on a USB stick you won’t mind scrapping) to this PC. Open it. If it’s not OK switch off and call us. Just remember that there will be a delay between getting infected and the results becoming apparent.
|
|
Windows XP?
|
Sorry guys.
|
|
Help! I think I have been encrypted!
1. Disconnect from the network NOW (unplug cable, switch off wireless) & power off.
2. Warn everybody else on the network.
3. Call us for help.
3. Make sure your backup drives are disconnected & safe.
|
