Warning, very nasty ‘virus’ about

Before you think ‘this must be another hoax’, unfortunately it isn’t. I’ve seen this nasty attack twice in the last week, and the effect is nothing short of a disaster. The first you will know about it having got onto your system will be:

• You open a file, and find it is gobbledegook
• You get a large red message telling you that your files are now all encrypted, and you must pay a $300 ‘ransom’ for the unencryption code within (usually) 72 hours.

Virus checkers don’t detect it, probably because this is something called a ‘cryptolocker ransomware trojan’ – somewhat nastier than a virus.

It will have snuck onto your system via an innocent-looking link in an email or on social media (probably Facebook), and then quietly set up encryption on every data file on your system and every other PC connected to your network. Only when it has encrypted every data file does the red message appear.

I personally know of 2 cases. Both have had experts try to unencrypt their data, without success. One person paid the ransom, and recovered some of their data, but the system then became re-infected which re-encrypted the files. The other person has their files back, but only after reformatting their disk first.

The best advice I’ve had so far is:

• Back up your files regularly, either to the cloud (not a network drive service like Dropbox), or to a device, e.g. an external drive, that is then disconnected from your PC or network. Don’t forget to back up your emails, photos, PDFs, videos etc.! It gets those too. I personally back up to the cloud using Carbonite, but there are other options.

• Be extra vigilant about clicking links or attachments.
• Run a free trojan checker called Malwarebytes. There are others, but I’m not sure how good they are. This won’t recover your files, but will at least alert you to the problem and may give you time to disconnect the PC from your network. The damage will probably have started though.
• If you are unfortunate enough to get caught, you will have to remove the Trojan and recover all your data files. You may need to completely re-format your disks to be completely safe.

I feel sure that the virus checking companies will pick up on this soon, but in the meantime, someone is making a fortune from the unprepared. The authorities appear to be trying to track these criminals down, but they can’t ‘follow the money’ easily due to them (I believe) using an untraceable internet currency called Bitcoin.

  • jax says:

    Update – Symantec claim that Norton will now detect this malware. I’m still running a regular Malwarebytes check though, just to be sure.

  • Emily G says:

    Another thing to be extra vigilant about is your USB devices. There are many viruses out there that are transmitted by flash drive, dongle and mobile phones so don’t plug any of your devices into an untrusted computer.

