Virus Alert -- Cryptolocker Even Scaring Techs

It's not often that seasoned computer techs fear a new virus, but the Cryptolocker virus that sprang up in September has even the most seasoned techs on my mailing lists frantically sharing information to blunt its effects on their clients.

That's why I have chosen to interrupt my normal monthly email schedule to send this alert about Cryptolocker, which can potentially prevent you from accessing any of your files ever again.

Cryptolocker attacks from infected file attachments sent in emails from unsuspecting computer users whose accounts have been hacked. Once the infected attachment is opened, it springs the virus, which then encrypts, or locks, all the files on hard drives, shared drives, network drives and even external hard drives.

That means you have no access to those files until you decrypt them. Worse, while you can remove the virus with anti-virus software, that doesn't decrypt the files.

To decrypt the files, you must pay a ransom (now more than $2,000 US in Bitcoins) to the attacker to obtain a decryption key that can unlock your files. Because the ransom doesn't often provide a working decryption key, realistically, the only way to retrieve them is from a backup that hopefully hasn't been encrypted, too.

If you don't have a backup, it is highly unlikely the files will ever be retrieved. That could be devastating to many small businesses and heart-breaking for those who lose personal files like photos.

So far none of my clients have been infected by this virus though one client did receive emails with the Cryptolocker file attachments in them. Fortunately, he didn't fall for the scam and deleted the emails.

Numerous other techs on my lists, however, have had to deal with this monster. The attacker is nimble, so the original Fedex and UPS Shipping subject lines have been replaced with other, more inconspicuous subject lines.

No one anti-virus product offers full-proof protection against it.

So what to do here?

1. Don't open any file attachments that you weren't expecting, even from friends or colleagues. If you were expecting an attachment from them, that's one thing. But if a friend or colleague sends an attachment unexpectedly, don't open it before CALLING and verifying that they sent it.

2. If you do open an unexpected file attachment, even if nothing seems to be wrong on your computer, immediately hold the power button in for 5 seconds to shut down the computer and call me at 537-4198. This is particularly important for businesses to prevent the virus from spreading to the server. 

Finally, now is a great time to double-check your backup plan to be sure you could recover from such an infection. Don't think for a second that your anti-virus software will stop this. Be certain that you have a backup system in place to recover from.

If you're a business, your backup plan should maintain multiple versions so you can go back a day in case the most recently backed up files are encrypted.

As always, I can be reached at 302-537-4198 for anyone with questions about this.