If you use Windows, you need to read this. Cryptolocker is baaad news!


Share this. It's important.

I've written about the super bad Cryptolocker virus once before, but feel the need to stress getting a backup system once again. Just saw a laptop infected with this nasty virus yesterday, and it's devastating.

The virus itself is no big deal to remove if you know what to do, but it's the recovery of your documents that makes this thing so bad. Once Cryptolocker is allowed on your system, it begins the process of encrypting your files (mainly Word, Excel, PDF, etc.). Once it's done, a ransom notice pops up stating that your files are locked and can only be unlocked if you pay $300-$400 within 3 days. That part, unfortunately, is true.

The techie side is this: Once allowed, your files are encrypted using a public and private key pair. There is no way to obtain the private key, and thus no way to decrypt your files once they're encrypted. Per the Malwarebytes blog:

“Unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic due to the length of time required to break the key. Also any decryption tools that have been released by various companies will not work with this infection. The only method you have of restoring your files is from a backup or Shadow Volume Copies if you have System Restore enabled. Newer variants of CryptoLocker attempt to delete the Shadow Copies, but it is not always successful. More information about how to restore your files via Shadow Volume Copies can be found in this section below.

If you do not have System Restore enabled on your computer or reliable backups, then you will need to pay the ransom in order to get your files back.”

Bottom line is this: You NEED to have some sort of offsite backup in place to back up your files in the event this virus infects your computer. Otherwise, that resume, customer list, any of your documents are gone gone gone… An attached hard drive can also be encrypted by this virus, so it's essential to have a backup with versioning. Most online backup services have 30 days' worth of history, so you can restore files to a time before they were encrypted and unusable.
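To show why versioning matters, here is an added example (not from the original post or from any backup vendor) that picks the newest backup version of a file that still looks like a real document. The function names and the sample history are constructed, and it assumes the versions have already been pulled from the backup as bytes.

```python
import hashlib
import math
import os
from collections import Counter

# Leading bytes of the document types the post mentions.
MAGIC = {
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04",        # modern Office files are ZIP containers
    ".xlsx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0",   # legacy Office (OLE2) files
    ".xls": b"\xd0\xcf\x11\xe0",
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_intact(name: str, data: bytes) -> bool:
    """True if the content still starts with the signature its extension implies."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is None:
        # Unknown type: weak fallback, since compressed files are also high-entropy.
        return entropy(data) < 7.5
    return data.startswith(magic)

def last_good_version(name, versions):
    """versions: iterable of (label, bytes). Returns the newest intact label or None."""
    good = [label for label, data in versions if looks_intact(name, data)]
    return max(good) if good else None

# Constructed sample history: two normal saves, then a random-looking blob
# standing in for the encrypted copy that the backup picked up on day 3.
ENCRYPTED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
HISTORY = [
    ("day-01", b"%PDF-1.4 first draft of resume"),
    ("day-02", b"%PDF-1.4 resume with new job added"),
    ("day-03", ENCRYPTED),
]

if __name__ == "__main__":
    print("restore resume.pdf from:", last_good_version("resume.pdf", HISTORY))
```

A backup that keeps only the latest copy would hold just the day-03 blob, which is why an attached drive or a sync-only service is not enough.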

Our favorite backup service is of course CrashPlan (http://www.code42.com/crashplan/). It's cheap, unlimited and reliable.

Call us if you need help with this virus or getting a backup plan in place. We'd be more than happy to help!

San Diego Computer Help

(619) 363-5325