There’s a new virus getting past many of the leading antivirus products, and a number of our clients have been hit by it. It belongs to a class of malware called ransomware; this particular strain is called CryptoLocker, although there are, and will be, variants under other names. When it runs it encrypts all your key data files and then puts up a screen saying that unless you pay a “fee” within 100 hours, the key needed to decrypt your files will be deleted and you will never get them back.
We’ve been asked a number of questions about this virus:
· How can it get past my antivirus software?
· Is there a better antivirus software I can use?
· When will my antivirus vendor stop this?
Before answering the questions, however, it’s important to understand the primary way this virus gets into your system.
Based on the information we have so far, this virus typically arrives as an attachment to an email, and the body of the email gives you some enticing reason to open that attachment. This is where our clients get into trouble – they assume the attachment is safe to run, and they run it. That is EXACTLY what the virus writers are counting on, so in effect it is YOU who infects the computer. They rely on social engineering to get you to run the program, much the same way a con man talks you into handing over your bank account details.
Therefore the VERY FIRST line of defence against this virus is simple… DO NOT RUN ATTACHMENTS UNLESS YOU KNOW THEY ARE SAFE. Bear in mind that an attachment can look like a document and still be a program: Windows hides known file extensions by default, so a file named “Invoice.pdf.exe” is displayed as “Invoice.pdf”, and a ZIP file can contain an executable even when the ZIP itself is harmless.
Computer virus infections these days have a lot in common with the influenza that goes round each winter. A new strain appears, and it can only be identified by the way it behaves or the way it looks. In the human case, scientists analyse the virus in a lab, work out how it operates, and develop a vaccine against that strain; in some cases they can also produce a vaccine that protects against anything that behaves or looks similar. You can get that vaccine from the doctor to protect yourself against that particular strain, but it won’t stop you catching a new strain that appears afterwards.
Bringing this back to computer terms, antivirus software works much the same way. The AV labs at the various vendors analyse and dissect a sample to understand how it works, then produce pattern (signature) files that detect the strain they can see right now. Your computer downloads these updates and is then protected against that strain. A variant the lab has not yet seen, however, has no pattern to match and can slip straight past, which is why a “new” virus gets through even when your antivirus is installed and up to date.
Here’s the key issue, though, and the question you need to ask yourself: if you were handed a pill and you didn’t know its source or what it did, would you take it? I’m sure the answer is a definite no. Why then do people continue to run attachments from unknown or untrusted sources?
The one KEY WAY to stop this from infecting you is to NOT RUN THE ATTACHMENT in the first place.
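To make “know they are safe” a little more concrete, here is a small attachment triage check. It is an added example, not code from the original post or from Correct. It flags the two tricks ransomware mailers of this era relied on: an executable dressed up with a document-style double extension such as “Invoice.pdf.exe”, and a file whose contents do not match the type its name claims (including a ZIP with an executable inside). The file names and contents are constructed for the example, the list of file types is a small subset, and a verdict of “ok” is not proof of safety; a verdict of “block” is simply a reason not to run it.

```python
"""Triage an e-mail attachment before anyone double-clicks it.

Added example, not code from the original post. An "ok" verdict is not
proof of safety; "block" means do not run it.
"""
import io
import os
import zipfile

# Leading bytes ("magic numbers") of attachment types a business expects.
# Office 2007+ documents are ZIP containers, so they share the PK header.
MAGIC = {
    ".pdf": (b"%PDF",),
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
    ".zip": (b"PK\x03\x04",),
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}

# Extensions Windows runs directly when double-clicked (not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".vbs", ".wsf", ".jar"}

PE_MAGIC = b"MZ"  # every Windows executable starts with the MS-DOS "MZ" stub


def _extensions(filename):
    """Every extension in the name, lower-cased, e.g. ['.pdf', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:] if p]


def _assess_zip(data):
    """Look inside an archive: the lure was often a ZIP holding the .exe."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return "suspicious", ["claims to be a ZIP but does not parse"]
    bad = [n for n in names
           if os.path.splitext(n.lower())[1] in EXECUTABLE_EXTS]
    if bad:
        return "block", ["archive contains executable(s): " + ", ".join(bad)]
    return "ok", []


def assess_attachment(filename, data):
    """Return (verdict, reasons); verdict is 'block', 'suspicious' or 'ok'."""
    exts = _extensions(filename)
    last = exts[-1] if exts else ""

    if last in EXECUTABLE_EXTS:
        reasons = ["executable extension " + last]
        if len(exts) > 1 and exts[-2] in MAGIC:
            reasons.append("double extension disguises it as " + exts[-2])
        return "block", reasons

    if data.startswith(PE_MAGIC):
        # A program under a document's name: the viewer would fail to open it,
        # but it is not what it claims to be, so do not trust it.
        return "block", ["contents are a Windows executable (MZ header)"]

    if last == ".zip" and data.startswith(MAGIC[".zip"]):
        return _assess_zip(data)

    if last in MAGIC:
        if not data.startswith(MAGIC[last]):
            return "suspicious", ["contents do not match claimed type " + last]
        return "ok", []

    return "suspicious", ["unrecognised attachment type " + (last or "(none)")]


def _make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


FAKE_EXE = b"MZ\x90\x00" + b"\x00" * 60  # only an MZ header, not a real program

# Constructed samples: names and bytes are made up for this example.
SAMPLES = {
    "Invoice_2013-10.pdf.exe": FAKE_EXE,                           # double-extension lure
    "FedEx_tracking.zip": _make_zip({"FedEx_tracking.pdf.exe": FAKE_EXE}),
    "scan.pdf": FAKE_EXE,                                          # program named as a document
    "photo.jpg": b"PK\x03\x04" + b"\x00" * 20,                     # not actually a JPEG
    "quote.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",                 # looks like a real PDF
}


def triage(samples=SAMPLES):
    """Run every sample through the check; returns {filename: verdict}."""
    results = {}
    for name, data in samples.items():
        verdict, reasons = assess_attachment(name, data)
        results[name] = verdict
        print(f"{verdict:10s} {name}  {'; '.join(reasons)}")
    return results


if __name__ == "__main__":
    triage()
```

Run it as a script to see the verdicts, or call `assess_attachment(name, data)` on a file you have saved (never opened) from a suspicious email. The point of the check is the order of the tests: the name is examined first because the double extension is what fools the user, the bytes second because the name can say anything, and the archive last because a harmless ZIP is the wrapper of choice for a harmful program.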
What can I do if I’ve been infected by this virus?
There are two lines of thinking here. If you pay the ransom, the virus will supposedly decrypt the files and you are back in business, and this might be the fastest way to get up and running again. The big concern, however, is that once the ransom has been paid, the virus writers KNOW that you are willing to pay them. What happens next time? Are you setting a precedent for future ransom demands? And you are dealing with criminals, so there is no guarantee you will actually receive a working key. Obviously this is a business decision that only you can make.
The other approach is not to pay the ransom, and to restore your files from backups. You do have backups, right? This virus encrypts files on the workstation that was infected and on any server shares or mapped network drives that workstation could write to, so you will need good backups of both to resolve this. Note that a backup drive that was plugged into the infected machine at the time can be encrypted along with everything else; it is the offline or off-site copy that counts. Of course we at Correct can assist in sorting this out, and in cleaning the infection from the machine.
How do I know once my machine is cleaned that the virus is gone?
Honestly – you can never know 100% for certain that it is gone. We do our best, based on the information available, to remove the virus, but we can’t be certain that the virus writer has not left something behind that might cause you problems later. The only real way to be sure the machine is clean is to wipe it and restore the PC from its last known-good backup.