New Virus Hits The Scene
- ABC Computer Solutions
- Nov 6, 2013
Probably one of the most invasive and destructive viruses to hit workstations and servers in years began making its rounds at the beginning of the year. The ransomware, named "Cryptolocker", is installed on a computer and then begins to encrypt files on that user's computer and, worst of all, on any network share locations. So even if you are using a file server that users reach through network drives, the data there is not safe. Once the virus encrypts the files, they can no longer be accessed. At this time the encryption cannot be broken, as it uses private and public keys to encrypt the data. The problem is that one of the keys needed to decrypt the files is located on a remote server, so without that key you cannot get access to your files.

The first strain of this infection, which started in early 2013, demanded $100 from its victims in order to decrypt the data. The newer version has bumped that fee up to $300. While researching this I came across numerous corporate companies that have had this happen to them as well, and they claim that paying the ransom does indeed begin to decrypt your files. Why not just trace the money back? Well, the problem is that they can't. The forms of payment they want are virtual currencies like bitcoin that do not have any way to be traced back. Basically you go to Walgreens or somewhere else that sells the pre-paid cards, purchase one, and put the code into their software.

While the infection itself is fairly easy to remove, with something so invasive I would highly recommend formatting the infected machine just to be safe. As we said earlier, at this time the only known way to get access to the files again is by paying the ransom. While we don't normally ever say to pay ransoms, with critical business data at risk this may be your only option IF you didn't have good data backups. That's right, simply having a good data backup strategy allows you an out: you can just format the infected machine, delete any encrypted data on network shares and recover the data via your backup. One other note: removing the ransomware makes it impossible to recover your data on the infected machine. Also, if you don't pay the ransom in the allotted time frame, the software uninstalls itself and prevents you from accessing your data on that machine again.

Confirmed infection vectors so far have all been through social media, email attachments, things of that nature. Basically you have to click on a link to install it. If, however, your machine was infected by a trojan that is sitting idle on your machine, there have been reports that certain botnets have been paid to push this malware to those infected machines, so just because you didn't click on anything doesn't mean you can't get this infection.

The moral of this story is that it's extremely important to have a good backup strategy in place to save you from invasive malware like this, failing hardware, and data corruption. Contact us today to see what our data backup solutions can do for you or your business. Also, don't rely on Dropbox, Box, SkyDrive and other cloud file services as backup solutions; they're not. Have questions about backup solutions? Ask us! Visit our website today for more information regarding our services: www.abccsg.com