• Tweet

• Tweet

CryptoLocker Ransom Ware Is Here To Stay In 2014

Until last month, the worst virus that you could get on your system was ransom ware called the FBI virus. This virus came in many forms but the end result was always the same. The virus would hold you “ransom” and would not allow you to get into your computer. The virus would not allow you to do anything on your computer at all. The good news was that in the majority of cases, we were able to get around the virus and remove it without any ill effects on the computer.

CryptoLocker takes ransom ware to a whole new level. Not only does it lock you out of your programs but it also encrypts all your documents and files. The damage is so severe that there is no known way to get all your files back as they were before the virus hit. Please pass this info along to all your friends and family so as many are made aware of it as possible. This is considered the worst virus ever!

The virus is actually very well written and extremely sophisticated. The virus will use a very complex encryption that has a public key on a server in a secret location. Once encrypted, the only way to get your files back is to use that key. The only way to get that key is to pay the ransom. This is why I am going to say again how important it is to have a full cloned backup of your computer and to be sure it is up to date.

While getting rid of the virus is similar to that of getting rid of the FBI Trojan, once the virus is removed there is no chance of getting the key to restore your files. If you have a backup, this will not be a concern.

Once the virus enters your system the first thing you will notice is the inability to access your programs. You may get an error when clicking on a program or file. Once the virus is done encrypting your files, you will get the message that your files are encrypted and you need to pay either 100.00 or 300.00 to get them back. The price will vary depending on what version you receive. The program will also have a timer that indicates how long you have to pay. In the past scares like this were just scares, in this case it is all very, very real.

Although not recommended, we have heard of several who have paid the ransom and soon after, the files were decrypted and for the most part, things returned to near normal after the virus was then removed. I stress that this is not the recommended way to handle this but if you have an office with no backup, it might be your only way out. If you have a backup, you will not have to resort to such extreme measures as funding the bad guys.

In some cases we can get previous versions of some files and folders back after the virus is removed. System Restore would have to be enabled and working on your computer to do this. It is also more likely to work on computers running Windows Vista and up.

There are several ways that this virus can enter your system. Right now the most common way appears to be through e-mail attachments. The e-mail usually will appear to come from a shipping company such as DHL or UPS. If you receive one of these e-mails, do not open it! Of course, there are other ways this can come in as well such as through an infected website and you do not have the updated version of java or flash.

Prevention for this virus is very tricky. Even if you have the most updated version of your anti-virus program, you can still get the virus. There is no known program that will completely stop the Trojan from entering your computer. The only program that I know that might be of some help is Win Patrol. This little program monitors your programs and registry for changes and when something goes on behind the scenes, it will alert you and then asks if you want to allow the change or deny the change. Although not yet tested, this program has stopped a lot of other virus infections in the same manner. It would not hurt to try it. It will give you an added degree of security as all changes will be recorded and have to be allowed by you.

The best preventative of all is not to open any e-mail attachments that do not look right. If it is something you are not expecting, do not open it. If you recently shipped a package and you get e-mail with tracking information, do not open it. Delete the e-mail immediately.

With some prudent surfing and careful e-mail management, you should be able to dodge this horrendous virus and keep the crooks from getting rich off your hard earned money.

Update  11/4/2013 

The wonderful folks behind the CryptoLocker virus have listened to the ”customers” concerns and they have added a late payment option at a higher cost. These guys have actually set up an independently run decryption service.

This is how it works. The site allows you to upload one of your encrypted files and the server finds your decryption code that matches your files. A new page is displayed and the new amount that you owe to get your files back is now $2000.00! If you have already paid the ransom, you do not have an extra fee. This is only if you are late on your payment.

There have been large companies that have been hit and they had no choice but to pay up or loose all their files. This scam is getting more alarming by the day.

The bad news is that even cloud backups are being affected with this virus. There is only one known way to keep the virus off your computer and that is to change some settings in the mainframe of your system. The problem is that some programs may not run properly or you might not be able to install certain programs since the method blocks access to your appdata folder where CrytoLocker runs. This tool has been released and it allows you to apply and undo the settings on the fly.

Please note you may have to reboot your computer after applying the settings. The tool is called Crypto Prevent and can be installed either as a program or used portable from a USB drive.

Using this app can change your settings to block programs from running from your appdata folder. This can also prevent other forms of Malware. We recommend backing up before using this tool.

For the time being, most infections are coming from booby-trapped e mails usually from shipping companies. As the virus spreads, this could change in the future.

Update  11/19/2013

CryptoLocker has been making the news at almost all the major news ststions across the country, and for good reason. It is the new breed of ransom ware and we will be seeing a lot of it in 2014. The traditional FBI virus has been lowering in the number of infections across the United States. So far, Cryptolocker in the United States has infected 39,000 computers. That number is expected to soar to the millions in the coming months.

It is now known that millions of scam e-mails have been sent out or are going to be sent out attempting to spread the CryptoLocker virus. It appears that this is the primary way of transmission. In 2014, the number of infections is expected to soar.

The reason for all the hype is quite evident since this is a very dangerous virus. Getting the word out to as many folks as possible is our goal.

The best way to protect your self is to have an up to date virus program and to be extremely careful with e-mails. It is inevitable that some of these spam e-mails are coming to your inbox! Spread the word to everybody you know so we do not make these crooks any richer. This virus will be the new standard for 2013.

Update November 22, 2013

CryptoLocker updates are coming in almost as fast as the virus is spreading. It seems that as time goes on we are learning more and more about this horrible virus. You know things are bad when you read about a Massachusetts police department that had to pay a 700.00 ransom in order to get their files back. That is exactly what happened to a town called Swansea in Massachusetts. The department received the Malware through an e-mail attachment and they paid the ransom to get the use of their files back. Even the police department is not immune from this virus.

It is now known that your data on many online back up providers will also be compromised. A back up on an external drive that is kept disconnected from the main machine is the best way to protect you. Because of this, external hard drive sales are expected to skyrocket in 2014.

CryptoLocker will become more sophisticated over the coming months and will mutate so the current tools that are used to help block it will no longer work. In addition, if you own a Mac, there are no more bragging rights. CryptoLocker is coming to a Mac machine near you. You heard right, it is expected the virus will soon be able to infect Macs. If you own a Mac, you need anti-virus software.

This virus will attack all common file types such as Excel, Word, photos, movie files, documents etc. As of this writing, it does not seem to affect Quick Book files. That could change as the virus mutates over the coming months.

In the coming months, this malicious company will be bringing in profits that would probably make Wal Mart blush. Like it or not, this Malware is here to stay until somebody can shut them down. Doing so is often extremely difficult.

Update January 11, 2014

Just when you thought things were safe again new versions of ransom ware are being developed as we speak. Ever since the very first version of the FBI virus was introduced, Malware writers were busy working on new versions that would be harder to remove and that allowed the hackers to get more dollars from their efforts. It is starting to turn into an all out business for some. The problem is that most of the Malware does not originate in the US and as soon as a server is found and shut down, new servers start to pop up else ware. It makes catching the bad guys really hard.

The latest ransom ware called CryptoLocker has been around for some time. The number of infections has dropped some but it is still out there. Most of these infections have been coming from infected e-mail attachments.

The newest version of this software is getting ready to be released soon. It is called Power Locker. This new Malware is on sale to would be hackers for a relatively small price and that is how it is being distributed to the bad guys. Once the virus is implemented, it is almost guaranteed money for the cyber-criminals. This is very alarming news for the beginning of 2014.

This new variety also has the same encryption set up but it appears to go a few steps further. The software disables many of the keys that are used for recovery. Most of the other ransom ware infections did something similar but this one appears to do it more aggressively. Also, similar to CryptoLocker, the ransom ware hijacks your desktop so that almost all attempts to bypass the virus will fail. It becomes your new desktop, essentially.

The main danger is that is if you do not have a backup. If you have a separate cloned backup that is not attached to the computer, restoring your files is a cinch. All you need to do is to either switch the hard drives or backwards clone the infected drive. Here is a word of caution: Since the Malware can travel from drive to drive I recommend FIRST to reformat the infected drive or at least delete the infected partition by using a Windows disk before cloning your drive. If you plug in your cloned drive while the main drive is infected, you stand a chance of loosing that drive as well. Be sure the infected drive is clean before attempting to do a backwards clone.

Of course, it is always easier to just keep the infection out in the first place. Be careful with e-mails. Often times you will get e-mails about a package that are being delivered. The scary part about this is that you might of just ordered something from Amazon. Do not be tempted to see what the package is. Delete the e-mail immediately. It is likely not e-mail from any mail carrier.

The same goes for surfing the web. Do not go to uncharted waters. Stay on mainstream sites and do not click on anything that looks suspicious. Remember that almost all infections are preventable. They almost always require some sort of intervention from you.

If we all start to practice safe surfing habits, we can help to put these crooks out of business!

Article by, Joe Z    
If you have this on your computer call Joe Z
From Computer Geeks  he can remove it!  1-888-901-4335