Hi everybody. Today, while working on what we thought was a routine computer cleanup, we came across a system that was infected with the CryptoWall virus. Upon inspection, we found that all documents and pictures on this computer were completely inaccessible! The Trojan had done its dirty deed and did its job very well.
We have talked about these types of virus infections in the past, but we have not seen a lot of infections firsthand. Fortunately, very few of our customers have encountered this deadly virus. Most of the infections we have been seeing have been the less intrusive but annoying adware type of infections. Many of these infections have been getting into systems quite easily, especially with Google Chrome.
Once it was known that the virus had made all the documents on the computer completely useless, our first question was “Do you have a backup?” The answer in this case was no. This is why I stress in almost every article I write the importance of backing up your valuable data. This is a case where even if you remove the drive from the computer, there is no way to get your information back. It has been reported that when you pay the 500-dollar ransomware fee, you get a key to decrypt and unlock your files. We do not encourage folks to do this under any circumstances.
At this point in the game, it is always a good bet to at least try system restore. In this case, the restore points were still intact and not completely deleted. The big question is, will it work? I was very doubtful because system restore usually does not change your documents, and that was the very thing we were trying to retrieve. I decided to give it a shot anyway since we really do not have anything to lose.
I chose the farthest restore point I could find within system restore and followed the procedure to restore the computer. The operation took quite some time as expected. When all was said and done, the computer restarted and stated that the restore operation was a success. I went right to one of the affected files and again the file failed to open.
At this point we have no choice but to recommend a reformat of the system. Since the documents and pictures were toast, there is actually little to lose. In addition, whenever you get an infection of this nature, it is always best to reformat if you do not have an image or a backup.
Since the customer’s computer was fairly old, they opted to get a new system rather than reformat the old computer. They were planning on replacing it, and this just made the process happen a bit quicker.
The best way to avoid this horrible virus is to be careful what you click on when you are reading your e-mails. Oftentimes this virus will come with an e-mail telling you that it is tracking information for a package that you just purchased. The e-mail can come in other forms, but this is the most common.
The main moral of the story is that this CAN happen to you. It matters not how strong your security is. You are still vulnerable. Please make sure you have a good backup strategy! Since this virus can affect not only your personal computer but also your networked computers and attached hard drives, be sure to keep your backups away from your main computer when not in use, for protection. The only thing worse than not having a backup is to find that your only backup is infected as well. Do not let this happen to you.
Article from, Tech Joe