Wednesday, October 16, 2013

CRYPTO LOCKER VIRUS


IS A HUGE DISASTER FOR THOSE WHO ARE INFECTED



Yes, I realize that this is my second post about Crypto Locker, but as more people are infected it's not too much to write about it again. Crypto Locker falls into the category of "ransomware", and while we've seen ransomware before, Crypto Locker is a mean beast that you never want to cross paths with.

Once you are infected and see its ransom screen, there is nothing you can do to recover your data files (photos, spreadsheets, Word docs, music, etc.).


Reports I've read say that even paying the fee to get the "key" that will restore your files may not work. I hope you are doing regular backups, but if you aren't, you'd better run down to pick up some USB hard drives if you value your files, then disconnect the physical backup drive once the backup has completed. I would suggest that you buy several of these and rotate them into your backup schedule.

Online backups like Carbonite will not protect you, and if you have any shared folders to other computers or servers they will be infected as well. Crypto Locker has a list of file extensions to encrypt, such as:
 
*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.eps, *.ai, *.indd, *.cdr, ????????.jpg, ????????.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c, *.pdf, *.tif
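To see which files matching the list above have no current copy on a backup drive, here is an added example (not part of the original post). The function names are hypothetical, and it assumes the backup drive mirrors the folder layout of the folder being checked.

```python
import fnmatch
import os
import sys

# File patterns copied from the list in the post above.
TARGETED = """*.odt *.ods *.odp *.odm *.odc *.odb *.doc *.docx *.docm *.wps *.xls
*.xlsx *.xlsm *.xlsb *.xlk *.ppt *.pptx *.pptm *.mdb *.accdb *.pst *.dwg *.dxf
*.dxg *.wpd *.rtf *.wb2 *.mdf *.dbf *.psd *.pdd *.eps *.ai *.indd *.cdr
????????.jpg ????????.jpe img_*.jpg *.dng *.3fr *.arw *.srf *.sr2 *.bay *.crw
*.cr2 *.dcr *.kdc *.erf *.mef *.mrw *.nef *.nrw *.orf *.raf *.raw *.rwl *.rw2
*.r3d *.ptx *.pef *.srw *.x3f *.der *.cer *.crt *.pem *.pfx *.p12 *.p7b *.p7c
*.pdf *.tif""".split()


def matched_pattern(filename):
    """Return the first listed pattern the file name matches, else None."""
    name = filename.lower()  # Windows file names are case-insensitive
    for pattern in TARGETED:
        if fnmatch.fnmatchcase(name, pattern):
            return pattern
    return None


def backup_gaps(source_root, backup_root):
    """List targeted files under source_root with no current backup copy.

    Assumption: backup_root mirrors the folder layout of source_root.
    Returns sorted (relative_path, reason); reason is 'missing' or 'stale'.
    """
    gaps = []
    for folder, _dirs, files in os.walk(source_root):
        for filename in files:
            if matched_pattern(filename) is None:
                continue  # not on the list, skip it
            src = os.path.join(folder, filename)
            rel = os.path.relpath(src, source_root)
            dst = os.path.join(backup_root, rel)
            if not os.path.isfile(dst):
                gaps.append((rel, "missing"))
            elif os.path.getmtime(src) > os.path.getmtime(dst):
                gaps.append((rel, "stale"))  # changed since the last backup
    return sorted(gaps)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: backup_gaps.py SOURCE_FOLDER BACKUP_FOLDER")
    for rel, reason in backup_gaps(sys.argv[1], sys.argv[2]):
        print(f"{reason:8}{rel}")
```

Run it while the backup drive is plugged in, then disconnect the drive again once any gaps are copied over.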

It does this very quietly, and by the time you get the red ransom page it's too late; the damage has already been done. Moving your files around, or even removing the virus itself, will almost 100% ensure that if you decide to pay the ransom, it won't work.

If you are worried about this, you should be. Crypto Locker is a new breed of infection/ransomware, and I'm sure other infections will follow suit. As email is the carrier for this, I would think long and hard about opening an email that looks legit ("Enclosed is your FedEx tracking number"), so ask yourself some questions regarding the Subject line. It may just help you dodge a bullet and save $300 at the same time. As new information comes out about Crypto Locker, I will post it here.

'Nuff Said,
Brian
