There’s a new threat slipping past many of the leading antivirus solutions, and we’ve had a number of clients affected by it. This new threat is of a type called Ransomware and the particular threat is called CryptoLocker, although there are and will be variants with different names. When this malware infects your system, it encrypts all your key data files and then displays a screen indicating that unless you pay a “fee” within a set period of time, the key to decrypt your files will be deleted, and you will never be able to get your files back.
How does this Ransomware get on my system?
Based on the information we have so far, this virus typically arrives as an attachment to an email (often an executable program disguised as a PDF or ZIP file), and the email itself contains some enticing offer to get you to open the attachment. The latest round of malware can be very convincing, for instance appearing as shipment tracking messages.
Your first line of defense is to only open attachments that you are absolutely certain are safe. A good rule of thumb is to only open attachments from people you know, and even then only if they have told you they are sending one.
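For administrators who want to screen mail before it reaches users, the disguise described above can be checked mechanically. The following is an added example, not part of the original article: it flags attachments whose name or leading bytes show an executable behind a PDF or ZIP name. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import io, os, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (a short list; extend it for real use).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def _ext(name):  # Windows ignores trailing dots and spaces, so strip them first
    return os.path.splitext(name.lower().rstrip(". "))[1]

def inspect_attachment(filename, data):
    """Return the reasons an attachment looks like a disguised executable."""
    reasons, ext = [], _ext(filename)
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {ext}")
    elif data[:2] == b"MZ":  # Windows PE files start with 'MZ' whatever the name
        reasons.append(f"PE header in file named {ext or '(none)'}")
    if data[:4] == b"PK\x03\x04":  # a ZIP is only a wrapper: check its members
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                reasons += [f"ZIP contains executable {m}"
                            for m in zf.namelist() if _ext(m) in EXECUTABLE_EXTS]
        except zipfile.BadZipFile:
            reasons.append("malformed ZIP archive")
    return reasons

def scan_message(raw_bytes):
    """Map each flagged attachment filename to its list of reasons."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reasons = inspect_attachment(name, part.get_payload(decode=True) or b"")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():  # constructed sample email with harmless stand-in bytes
    msg = EmailMessage()
    msg.set_content("Please open the attached shipping label.")
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("label.pdf.scr", b"placeholder")
    samples = {"tracking.pdf.exe": b"MZ placeholder", "invoice.pdf": b"MZ placeholder",
               "label.zip": zbuf.getvalue(), "notes.pdf": b"%PDF-1.4 placeholder"}
    for name, data in samples.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` flags the three disguised attachments and leaves `notes.pdf` alone.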
Why doesn’t my antivirus program stop the Ransomware?
Malware infections these days have a lot in common with the influenza virus that we humans get each winter. And just as doctors try to identify and produce vaccinations against the latest human virus, the AV labs at various vendors analyze and dissect a computer threat to understand how it works. They then produce pattern files that will detect the strains they can see right now. Your computer gets these updates and can then protect you, but new strains and versions appear on a regular basis.
What can I do if I’ve been infected by this virus?
There are really only two options. Even if you use a program to clean your system of the Ransomware, it cannot decrypt your files without the key. So option one is to pay the ransom. Unfortunately, there is no guarantee that the payment will result in restored files, and paying will not protect you from future extortion.
Option two is to make sure you have good, regular backups of critical data stored off of the affected machine. You do have backups, right? This virus affects files on your server as well as on the workstation that was infected, so you will need backups of both to resolve this issue.
–Mike Gilmore, RESULTS Technology