Cryptowall and Cryptolocker: What you need to know about Crypto / Ransomware
What is Crypto / Ransomware?
Ransomware is malicious software that infects your computer as a Trojan, a program disguised as something legitimate. The software encrypts files on your local and mapped network drives, rendering their contents inaccessible. Once your files are encrypted, the malware generates several files (e.g., “DECRYPT_INSTRUCTIONS.html” or “HELP_DECRYPT.txt”) that contain instructions to pay the distributor a fee to decrypt your data. For many of these viruses, paying the ransom is the only way that you can get your files back – unless you have working backups!
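The ransom notes named above also show a responder how far the encryption has spread. The following Python script is an added example, not part of the original article: it walks a drive or share, finds those two file names, and lists the affected folders in the order the notes appeared. The function names are hypothetical, and treating a note's modification time as the approximate moment encryption reached that folder is an assumption.

```python
import os
import sys
from datetime import datetime, timezone

# Ransom-note names quoted in the article (compared case-insensitively).
# Other families use other names; extending this set is left to the reader.
NOTE_NAMES = {"decrypt_instructions.html", "help_decrypt.txt"}


def find_ransom_notes(root):
    """Return {directory: earliest ransom-note mtime in epoch seconds}."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in NOTE_NAMES:
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; keep scanning
            if dirpath not in hits or mtime < hits[dirpath]:
                hits[dirpath] = mtime
    return hits


def summarize(hits):
    """Order affected folders by first note time.

    Assumption: the note's mtime approximates when encryption reached the
    folder, so a backup taken before the earliest one should be clean.
    """
    ordered = sorted(hits.items(), key=lambda item: item[1])
    first = ordered[0][1] if ordered else None
    return ordered, first


def _iso(epoch):
    return datetime.fromtimestamp(epoch, timezone.utc).isoformat()


if __name__ == "__main__":
    # Usage: python find_notes.py <drive or share path> (defaults to ".")
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    ordered, first = summarize(find_ransom_notes(target))
    for folder, when in ordered:
        print(_iso(when), folder)
    if first is None:
        print("No ransom notes found under", target)
    else:
        print("Restore from a backup taken before", _iso(first))
```

Run it from a clean machine against the disconnected disk or the server share, not on the infected workstation itself.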
How is it spread?
Ransomware is spread in multiple ways, such as malicious email attachments, compromised websites that execute code using Java or Flash, or infected downloads from untrustworthy sites. The software can also be installed when your machine is already infected with lower-grade malware that opens a back door to your system.
Will my Anti-Virus stop it?
While a good anti-virus program can stop many versions of Cryptolocker / Cryptowall, new variants are constantly being developed – up to hundreds every day. Anti-virus programs are reactive by nature, so when a new version comes out, it takes a bit of time for your anti-virus software to have a fix for it.
Once I have it, what should I do?
The first thing you should do is disconnect your computer from your network. Even better, immediately shut the machine off and call your IT provider. They may be able to bring the encryption process to a halt.
The precautions you MUST take!
Store your data on your server, never locally / have a good backup!
The number one thing you should do is have a good backup of your data. That’s why we always advise end users to store their important data on their servers. Odds are, your server is constantly backed up – unlike a local workstation.
Don’t open attachments that you don’t recognize!
Many times these attachments come in the form of a .zip or .pdf. They may even appear to be from a valid sender – like FedEx, UPS or the IRS. If you’re not expecting an email from that sender, do NOT open the email attachment! Further, if you get an email from someone you trust but aren’t sure about an attachment or the content of their message, call them to check before opening it. Their email may have been hacked by virus / spam distributors.
Have a good anti-virus program installed and up to date.
You should always have an up-to-date anti-virus program running on your machine. While it may not protect you completely, it will stop many types of ransomware – and other nasty software!