HEADS UP!!!
Posted: 30 Oct 2013, 03:05
Particularly new NASTY virus going around....CRYPTOLOCKER
If it gets in it encrypts a load of your data files (xls, doc, pdf etc), and to get them decrypted you have to pay $300-$350.
What is really bad is if you clean the infection off your system you are still left with encrypted files.
There is not a hope in hell you can crack the encryption; best estimates say that using the fastest super-computer available it would take 100s of years.
It will also affect external hard drives connected to your computer (in fact anything that gets a drive letter, including networked drives), so any backups on it get encrypted also.
Best advice -
Backups should be kept off-line, i.e. not connected to your computer - until needed.
If you are using Windows 7 Pro or above or 8 Pro or above, you can add software restrictions that will stop the current versions from executing. They use the %AppData% and %LocalAppData% folders.
The restrictions also prevent the exes from being run from within an archive.
Lots more info out on the web, good source of what is currently going on (plus how to restrict computers) is in the forums here...
http://www.bleepingcomputer.com/
They reckon these 'people' have so far taken millions of dollars in 'decrypt' payments from companies who can't afford the downtime of a complete file restore.
Have enabled the restrictions on ALL the computers at the place I work for.
Good additional counter is to show file extensions.
Windows 7 by default hides them.
Go to any folder
- select 'Organize' (top left of window)
- select 'Folder and search options'
- select 'View'
- UNCHECK 'Hide extensions for known file types'
You will now see the file extension for all files.
They have been sending emails with what looks like a PDF or a Voicemail file (they have the correct icon look), but they are actually exe files containing the virus.
So with the change above, instead of just seeing MYPDF as the attachment name, you would actually see MYPDF.exe or MYPDF.pdf depending on if it's real or not.
Be safe!
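
The attachment check this advice amounts to, as an added Python example (not part of the original post): it returns the name Explorer would display with extensions hidden and flags executables by final extension and by the MZ file header. The extension lists, function names and sample attachments other than MYPDF are assumptions constructed for illustration.

```python
import ntpath

# Constructed, non-exhaustive lists (assumptions, not from the post).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".xls", ".wav", ".mp3"}
KNOWN_EXTS = EXECUTABLE_EXTS | DECOY_EXTS


def shown_name(filename, hide_known_extensions=True):
    """Name as Explorer lists it; a known final extension is dropped when hidden."""
    base = ntpath.basename(filename)
    stem, ext = ntpath.splitext(base)
    if hide_known_extensions and ext.lower() in KNOWN_EXTS:
        return stem
    return base


def triage(filename, first_bytes=b""):
    """Return the reasons to block an attachment; an empty list means none found."""
    # Windows drops trailing dots and spaces, so "x.exe. " is saved as "x.exe".
    base = ntpath.basename(filename).rstrip(" .")
    stem, ext = ntpath.splitext(base)
    ext = ext.lower()
    reasons = []
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension " + ext)
        if ntpath.splitext(stem)[1].lower() in DECOY_EXTS:
            reasons.append("double extension, shown as " + stem + " when hidden")
    elif first_bytes[:2] == b"MZ":
        # DOS/PE executables start with the bytes "MZ" whatever the file is called.
        reasons.append("MZ header under non-executable extension " + (ext or "(none)"))
    return reasons


# Constructed sample attachments: (file name, first bytes of content).
SAMPLES = [
    ("MYPDF.pdf", b"%PDF-1.4"),
    ("MYPDF.exe", b"MZ\x90\x00"),
    ("Voicemail.wav.exe", b"MZ\x90\x00"),
    ("report.pdf", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, "| hidden:", shown_name(name), "|", triage(name, head) or "no findings")
```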