You may have heard about the Crypto Virus, which includes variants such as CryptoLocker, CryptoWall, CryptoDefense and TorrentLocker. It is one of the nastiest viruses that we’ve ever seen, and there’s not much that can be done if you get hit. This is a very serious threat that we have seen firsthand with several of our clients within the past several months. This isn’t like any other virus and is not to be taken lightly.
Basically, like many viruses, it runs unnoticed in the background on your computer for as long as the computer stays connected to the internet. While it’s working, it encrypts as many files on your computer as possible, including pictures, videos, documents, email, anything and everything. Once the internet connection is broken, it will display a message that your computer has been compromised, that your files are encrypted, and that the only way to get them back is to pay a large ransom and hope (and I mean REALLY hope) that once paid they give you a special decryption key/program to help bring your files back, because once your files are encrypted, they are gone. It may look like everything is still there, as nothing seems to be deleted, but if you try to open any of the encrypted files, you’ll notice they do not work anymore, no matter how hard you try.
Of course, paying such a ransom gives only a 50/50 chance that it will work, and the price is usually pretty high, somewhere around $500-1500. Unfortunately, the virus works well and does several things to ensure that you cannot get your files back. It will span mapped local and network drives (thus affecting other devices and computers), it will delete System Restore points and other such ‘backups’ on your system, and if not removed properly, it can come back without much effort. The only true way to win is to have a recent backup of all of your files in a location that was not touched by the virus, such as an external hard drive that wasn’t connected during the time the virus hit. Sometimes we have seen that we may get lucky and get some files back after we do thorough searches on the system for recently deleted files. This only works if the crypto virus variant first made a copy of each file, deleted the original and then encrypted the copy. We have seen no other working method of getting files back other than backups.
There’s a lot of information floating around the internet about this virus and its variants, but the best places to get all of the information that you need are the following:
Please note that the best defense in this case is to have recent, good backups, in multiple places if possible (just in case the virus encrypts backups in one location as well). But of course, it’s best to not get infected in the first place. So please stay safe, don’t get click-happy, don’t download free programs like candy, and don’t ignore the pop-up boxes or warnings that Windows gives you. Always pay attention and be careful in everything you do while online and you’ll never have to worry.
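Because encrypted files still look like they are all there, a backup folder can be checked by its contents rather than its file names. The following is an added example, not part of the original article: a small Python check that flags files whose first bytes no longer match their type or whose text has turned into random-looking data. The file types covered, the 7.5 bits-per-byte threshold and the sample folder are assumptions made for the illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Leading bytes that intact files of these types always start with.
SIGNATURES = {".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n",
              ".pdf": b"%PDF-", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}
TEXT_TYPES = (".txt", ".csv")  # no signature; judged by randomness instead

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def check_file(path, sample=65536):
    """Classify one file as 'ok', 'suspect' or 'unknown' from its first bytes."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if ext in SIGNATURES:
        return "ok" if head.startswith(SIGNATURES[ext]) else "suspect"
    if ext in TEXT_TYPES:  # assumed threshold: 7.5 bits per byte
        return "suspect" if len(head) >= 256 and entropy(head) > 7.5 else "ok"
    return "unknown"

def scan(root):
    """Walk a backup folder; return sorted relative paths of suspect files."""
    bad = [os.path.relpath(os.path.join(d, n), root)
           for d, _, files in os.walk(root) for n in files
           if check_file(os.path.join(d, n)) == "suspect"]
    return sorted(bad)

def demo():
    """Constructed sample folder: two intact files, two with scrambled contents."""
    scrambled = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    samples = {"photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64,
               "notes.txt": b"meeting at noon\n" * 40,
               "invoice.pdf": scrambled, "list.txt": scrambled}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Running `scan()` on a backup drive before relying on it shows whether that copy was reached as well; files reported as `unknown` are types this sketch does not cover and say nothing either way.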