Ransomware Viruses

CryptoLocker 2015 Warning!!! Warning!!! Warning!!!

Ransomware viruses EG CryptoLocker seem to be on the rise in WA. This is a very serious threat for data files on your computer and one of the worse we have seen. In the two instances we have seen recently, the virus has infected the computer via an email pretending to be from Australia Post about a missed delivery. It then asks you to click a link to track the package. If you click the link your computer will be infected with the CryptoLocker virus and it will then silently start encrypting your files and deleting the originals. When it has completed encrypting all your data files the virus will display a ransom message.

This virus will not only infect your computer and encrypt your data files but it will also encrypt all files that the infected computer has access to IE. USB drives, flash drives and any data shared on other computers or servers etc.

Once your files have been encrypted there is no way to DE-encrypt the files without the 256 bit key known only to the scammer. Your only choice is to remove the infection and restore your data from backup.

Some ways to help stop infections

  1. Ensure your Antivirus and/or Anti-malware software definitions are kept up to date.
    Anti-virus programs will protect you from known versions of the virus but will not stop new variants or entirely new strains.
  2. Ensure any programs you use are up to date and the Windows updates are applied on a regular basis. This will help fix bugs in the Windows operating system and associated programs that could provide entry for the scammers or viruses.
  3. Advise all family or staff using computers on the network not to click any link in emails, Facebook or any form of social media unless they know who sent the email.
  4. Ensure your computer and data are backed up on a regular basis either to an external drive or to an online backup service. If you use an external drive for backup then ensure that you disconnect the drive from the computer or use more than one drive for backups.
  5. If you suspect that your computer is infected or see files with the file extension of .ENCRYPTED then we would recommend that you turn your computer off immediately. As the longer the infected computer runs the more files it can encrypt.

Business Computers additional notes
Workstation computers should store all company data to the company server. That way if the workstation computer becomes infected with a virus we can erase the hard disk drive and reload the basic workstation software. The virus may succeed in encrypting data files on the server but these files should be recoverable from the daily backups of the server.

Home computers additional notes
Ensure you have backups of your computer, either use an online backup service or backup your computer to an external hard disk drive. We can help setup software to back up your entire computer and show you how to run the software. You will then just need to ensure the backups are done on a regular basis and that you have two sets of backups as a minimum.