In November 2013, we brought you news of a new type of "ransomware", the Crpytolocker virus.
Unfortunately, this virus is still at large and plaguing personal computers and business networks.
Once a computer or network is infected, the virus will install itself and then encrypt all of the data it finds. You will therefore be locked out of all of your files. You are notified via a pop-up window that all of your data has been encrypted, and you will be shown a timer that counts down the time until your personal decryption key is deleted. Once that happens, there's no way to recover your data.
You do have the option to pay the criminals the ransom that they set (usually around £500) for them to release your decryption key and allow you to get back in to your files. This is not recommended as there is no guarantee that you will actually gain access to your data again, and it is also giving in and allowing the criminals to win!
Fortunately, there is still hope even if you do become affected by the Cryptolocker virus. Clients who are on our backup and disaster recovery service can have their data restored from their latest backup.
How to Spot the Cryptolocker Virus
The Cryptolocker virus is mostly spread via email, and comes as an email attachment. The email itself will usually be masquerading as something it is not, in order to trick people into downloading the attachment. Previous versions have appeared to be from well known shipping companies, with an attachment that allows you to "track your package". Another masquerades as an email from an airline company, with the attachment supposedly containing your flight details.
Recently, we have seen an email which purports to be from eFax, with the subject line "INCOMING FAX REPORT". There is a link within the email to download a fax report from Dropbox. If you click on the link, you will download the Cryptolocker installer.
Here is an example of how the email looks. If you see one, do not click on any links or download any attachments. Forward it to firstname.lastname@example.org and then delete it straight away, using Shift + Delete, so that it is deleted permanently:
Here is another example - using dropbox to spread the virus again, with the email masquerading as communication from RBS.
Tips to Prevent Infection
You should employ general email security best practices at all times.
- Treat all unexpected emails with suspicion.
- Do not click on any links or download any attachments unless you know that the email is from a trusted source.
- Even emails that appear to come from someone you know, may be malicious.
- Treat Dropbox links in emails with extreme caution, and do not click on them unless you are certain it is not a virus. Legitimate companies would not normally use dropbox for serious communication with customers.