Imagine – you’re working on your computer and a popup shows on your screen. Not all that unusual, right? But this one claims that all of your files have been encrypted and the only way you can get the decryption key is to pay $300. What do you do?
If you are like most people, you immediately check the files saved on your computer, your resume, your PowerPoint, and you find out it’s true: your files can no longer be opened. Now what?
Sound like something out of a James Bond movie? It’s not. It’s actually the latest in a long line of malware called ransomware. The most common one is called “CryptoLocker.”
Typically, the software installs itself after someone opens an email attachment. The email will seem to come from a trustworthy source, like a file from your network printer (usually showing up as Xerox) or a tracking notice from UPS.
Then it encrypts everything on your hard drive and in your shared folders. If you are fortunate, it just hits your Microsoft Office files and stops at your computer. If not, it will look for file servers.
Then the popup appears. It explains that your files have been locked with a special code and that, if you want the key to decrypt them, you have four days to pay $300 (usually only accepted via Bitcoin). If you don’t pay, the key will be destroyed and your files can never be accessed again.
Unfortunately, the only way to get the data back is to pay.
There are ways that you can prevent or, at the very least, mitigate the damage this can cause:
1. Make certain that all of your anti-virus and anti-malware software is up to date and running properly.
2. Make certain that you are making frequent backups that include a periodic full backup. Also, you need to test file restoration on a regular basis.
3. Never open attachments in emails that you are not expecting or from a source that you do not know. If UPS sends you an update on the status of a shipment, it will only be because you asked for it.
At the end of the day, this and many other pieces of malware can cost you time and money in addition to creating a possible vulnerability for other attacks.
If you are not protected, or just want to make certain that your security is up to par, please have your tech support person follow up or contact a qualified IT support company, and make sure you are not a victim of this time-killing and expensive problem.