A nasty new virus has recently launched onto the scene for both private users and businesses. Its name is CryptoLocker. As of this writing, NONE of the major antivirus makers can block this from your computer. The way it works is as follows:
1. You get an email that *looks* legitimate. It has an attachment and wants you to open it in order to do whatever you need to do as instructed by the email. As soon as you open this attachment, you have the virus.
2. The virus silently roams throughout your entire computer and encrypts all of your documents, pictures, spreadsheets, and in some cases music as well. But it doesn’t stop there. On a business computer, it will also travel to every network drive that you have setup and encrypt those files as well (assuming you having permission to edit those files.) Once it is finished, it displays a nice picture on your monitor telling you what its done and how you can fix it.
3. This virus’s type is called ransomware because the writers want money in exchange for undoing what they break on your computer. In this case it is between $100-300 for the decryption keys to undo all of the encryption. This particular virus gives you 24 hours to comply, otherwise they delete the decryption keys and you are out of luck.
Your options from this point are:
1. Pay the ransom and get your files back. All of the reports we’ve found so far is that if you do this, you will get the decryption keys within 5-10 hours, and decryption will start then. The decryption process can take anywhere between a few hours to a few days, depending on how much data you have, and how many files it affected. Please note, however, that we do not condone this method, but it reportedly works and I haven’t read about anyone paying the money and not getting anything yet. The reports also show that the virus gracefully quits and deletes itself from your computer once it is finished with the decryption.
2. Have the virus removed from your computer and then restore all affected files from backups. This is what we have done with the couple of clients of ours that were affected. This is not an option, however, if you do not have a full backup of every file you deem important.
If you are unfortunate enough to get this virus, and already have backups, then please shut the computer down and bring it to us right away for repair. If you do not have backups, then you will need to make the decision as to whether you want to pay the ransom or lose the data.
For more information, please visit the following sites that have more info on the virus. Please note that these sites are not run by UNI Computers and we can’t verify the posted material as suitable for all ages. Crypto Locker – Reddit SysAdmin and BleepingComputer Forum