Recently a virus that has been around since earlier this year, has morphed into a greedier and more prolific version. The current version of this virus was first reported in September of 2013 and is considered to be in the class of Ransomware. What this virus does is it encrypts certain file types on your computer such as pictures, documents etc using a mixture of AES and RSA encryption. Once the virus has encrypted the files, you will not longer be able to access them, and it will display a CryptoLocker payment program which says you must pay $300 USD within 96 hours or the encryption key which will unlock your files will be destroyed making your files for all intents and purposes unrecoverable. Currently there is no one who has been able to crack this encryption, and a brute for attack to decrypt the files would take a super computer years and years.
Although some websites have reported that this virus makes your computer completely unusable, that is far from the truth, you can still use your computer, the virus makers need you to be able to use your computer to pay the ransom, you can even easily remove the virus, however at this time, the only known way to recover the files is to pay the ransom (we are not suggesting to do this, as there is still no guarantee that it will get you your files back). The virus is being spread most commonly through email attachments that pretend to be from places like FedEx, DHL, UPS and are often sent to company email addresses. The emails contain a ZIP file that when opened show a file that will often to appear to be a PDF file but is actually a exe file (file names like FORM_12345.pdf.exe with the exe being hidden depending upon your computer settings). In order to see the hidden exe extension in Windows, open Windows Explorer (file manager ie My Computer), and if on Windows XP, Vista, or Windows 7, go to Tools, Folder Options, View and uncheck the box that says “Hide extensions for known file types” – in Windows 8, go to the View tab at the top of Windows Explorer and Check the box that says “File name extensions”. You should never ever run any kind of .EXE file that comes in an email, and you should only open any kind of attachment when you know that the specific person who sent the email was sending you that specific file – when it doubt, call the person/business, or send them an email asking about it BEFORE you open the attachment.
It is also been mentioned that if your computer is already infected with some malware that makes your computer a member of a botnet, that this virus can be automatically downloaded by other malware on your computer – you should always keep your antivirus and antimalware software up to date and do regular scans! If you do get this virus and your files become encrypted, you have 96 hours to pay the ransom or the current copies of your files will become useless. This virus is especially dangerous to businesses as it is reported that it can and will encrypt files that are on mapped network drives (usually on servers in businesses where files are shared and stored). Unless you have what is called shadow copies enabled on your computers, or have online backups or backups that are not on any mapped network drives, it is possible that you will never be able to recover viable copies of these documents once they have been encrypted – we highly recommend using online backup such as iDrive or Carbonite – ( visit us at http://pensacolacomputers.com/wp2 for more info on online backup solutions)
This virus is actually fairly easy to remove, however if it is removed by antivirus after the files are encrypted, you will have to manually re-install the virus in order to pay the ransom. The guys over at Bleepingcomputer.com have an excellent guide telling all about the cryptolocker virus as well as removal instructions – https://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information although if the virus morphs, these tools may not work.
For virus and malware removal, or general computer repair or computer service here in Pensacola Florida, Call Pensacola Computers today at (850) 390.4242
Pensacola computers has been providing licensed and certified Pensacola computer repair and Pensacola computer service to local businesses and home users since 2003 and focuses exclusively on Microsoft Windows and PC’s.