New Malware Threat: CryptoLocker

Recently, we assisted a client whose home computer was infected with a new malicious software threat. Since then, we have seen several industry and mass media reports on the threat. The customer received a pop-up reporting that his personal files had been encrypted and that, to decrypt them, he had to send the malware author $300 within 72 hours. If he failed to send the money, the encryption key would be deleted and the files would be lost forever. Because this customer’s home computer was connected to the company network drives via VPN, the malware encrypted files on the company server as well. Because this client was using a disk-based backup that captured changes every 15 minutes, we were able to restore the company files to a point very close to when they were encrypted. No company data was lost.

This malware, called CryptoLocker, ushers in a new era in malicious software. This is the first broadly distributed malware to hold your actual data hostage. Once the data is encrypted, it is lost unless you have a backup or elect to pay the ransom.

This client’s adoption of preventative measures was the only reason we were able to undo the damage to their system. Here is a review of the basic preventative security measures that every computer user should follow:

  • Keep your computer up-to-date. Update the Operating System and software. Critical components to keep updated: Windows, Java, Flash, Acrobat, Chrome, Firefox, Safari, Opera, etc.
  • Use a quality anti-virus product and keep it up-to-date. Chortek LLP is currently recommending ESET Endpoint Antivirus. Free solutions are available, but they should be considered only the absolute minimum coverage.
  • Read e-mail safely. Avoid opening any attachments you weren’t expecting. Don’t click on links in e-mail messages. Copy, paste, and review links before opening them in a browser.
  • Keep regular backups. Businesses should use commercial backup solutions. Individuals should use at least a file-based backup solution. There are many solutions available. Several Chortek consultants use CrashPlan for our personal files and computers. This particular package gives you the option to use a paid cloud component or create your own private cloud through the free Friends and Family feature. Whatever backup solution you choose, it needs to have a previous version restore function, so that files can be rolled back to a copy made before they were encrypted.

If you are infected by CryptoLocker, immediately call the Chortek Support Center (262.522.8226 or 877.526.8226) to clean the computer. The files that have been encrypted will have to be restored from backup. If you would like help ensuring that a data loss disaster can be avoided for your computers, contact Michael Senkbeil at msenkbeil@chortek.com.