How vulnerable is your data to being held hostage?
noun
A type of malicious software designed to block access to a computer system until a sum of money is paid.
You, or someone who uses your computer, receives an email from a trusted source and clicks on an attachment - not realizing that the sender's email account had been "hacked" or that the attachment is an "executable" file. You notice that "something" flashes briefly on the screen, then disappears. You go on reading emails, not realizing that the "cryptolocker" program that you've inadvertently activated is encrypting and locking all of your data files. Eventually a window pops up informing you that your files are all encrypted and that you must pay to receive a "private key" to decrypt them and regain access.
You decide to do an online scan and you learn that your system is infected with cryptolocker malware. The scanning site offers to fix your computer - for a small fee. Adding insult to injury, you've now fallen prey to a ransomware decryption scam. The cryptolocker malware can be removed, but your locked files cannot be unlocked until you have the encryption password.
Vikas Chandra Pandey writes:
Beware Spam Emails Claiming to Offer Anti-CryptoLocker Tools
PC users have been warned about a new phishing scam that falsely claims to offer people programs that will combat the Cryptolocker ransomware. The email is written in a casual and friendly manner. It asks if you have a Cryptolocker infection, then advises you to ‘Use the tool attached to decrypt your files!’, before wishing you ‘Good Luck!’.
Downloading the attachment – a tool called ‘cryptolocker file de.exe’ – installs RegistryCleanerKit, a legitimate piece of software made by Malta-based company Uniblue. It then scans your Registry (see screenshot), before showing you how many problems it has ‘found’. To fix the errors you need to buy the software.
At no point does it attempt to decrypt files locked by CryptoLocker. We asked Uniblue whether it was aware its software was seemingly being used as part of a scam, but at the time of going to press had not heard back.
From bleepingcomputer.com:
Is it possible to decrypt files encrypted by CryptoLocker? Unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic due to the length of time required to break the key. Also any decryption tools that have been released by various companies will not work with this infection. The only method you have of restoring your files is from a backup or Shadow Volume Copies if you have System Restore enabled. Newer variants of CryptoLocker attempt to delete the Shadow Copies, but it is not always successful.
Don't close the barn door after the fact.
If you do not have System Restore enabled on your computer or reliable backups, then you will need to pay the ransom in order to get your files back.
Solution: "Don't close the barn door after the horse is gone!"
1. DO NOT click on attachments that are executable files.
2. Follow bleepingcomputer.com's recommendation and ENABLE SYSTEM RESTORE and back up your files regularly.
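One way to check rule 1 before anyone clicks, as an added example that is not part of the original post: this Python script reads a saved email message and flags attachments that are executables by name or by content. The sample message, the extension lists and the function names are constructed for illustration.

```python
import email.policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (a common subset, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "msi"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "zip"}

def check_attachment(filename, payload):
    """Return the reasons (if any) this attachment should not be opened."""
    reasons = []
    parts = (filename or "").strip().lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{ext}")
        # "photo.jpg.scr" displays as "photo.jpg" when Windows hides extensions.
        if len(parts) > 2 and parts[-2] in DECOY_EXTS:
            reasons.append("double extension")
    # Windows programs begin with the bytes "MZ" whatever the file is named.
    if payload[:2] == b"MZ":
        reasons.append("content is a Windows program")
    return reasons

def scan_message(raw_bytes):
    """Map each risky attachment's filename to the reasons it was flagged."""
    msg = email.message_from_bytes(raw_bytes, policy=email.policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        reasons = check_attachment(part.get_filename(), payload)
        if reasons:
            findings[part.get_filename()] = reasons
    return findings

def build_sample():
    """Constructed message: addresses, names and bytes are made up for the demo."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "friend@example.com", "you@example.com"
    msg.set_content("Good Luck!")
    stub = b"MZ" + b"\x00" * 62  # inert stand-in bytes, not a real program
    for name in ("cryptolocker file de.exe", "invoice.pdf", "photo.jpg.scr"):
        msg.add_attachment(stub, maintype="application",
                           subtype="octet-stream", filename=name)
    msg.add_attachment(b"%PDF-1.4 plain notes", maintype="application",
                       subtype="pdf", filename="notes.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(f"{name}: {', '.join(reasons)}")
```

To check a real message, save it as an .eml file and pass its bytes to `scan_message`; a clean result only means these two checks found nothing.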
That's why you should back up all of your files regularly.