CryptoLocker – a Seriously Dangerous New Virus

There is a new virus in the wild, worse than any other virus I’ve ever seen.  It’s called CryptoLocker.  Once it gets into your system, it encrypts your files (all your personal stuff) so you can never read that data again, unless you pay their ransom ($300-400 USD).  It is a legitimate thing.  A terrible, evil, legitimate thing.  Your files will be locked.  You will have to hope you have a backup.

CryptoLocker is a new, bad virus that destroys your data.

What can you do to protect yourself?

  • Update Java. You know that annoying orange icon that always tries to install a toolbar? Yeah, run that. If you have a Ninite Updater icon I put on your desktop (or in a shared drive somewhere), run that. That will automatically update Java without the toolbar. If you haven’t heard of Ninite, go to Ninite.com. If you just want to update Java, go to ninite.com/java. It’s a super-simple, free, awesome installer/update utility.
  • DO NOT DOWNLOAD .ZIP ATTACHMENTS. Don’t trust them, even if they’re from someone you know, unless you confirm with them that they intended to send it or you are specifically expecting it.
  • NEVER RUN A .EXE FROM AN EMAIL. If it’s a .exe file inside a zip file (.exe shows when you open the zip), never run it. I don’t care if it’s from me. Don’t run an executable file from email. 99% of the time, it’s a virus.
  • Don’t trust emails, generally. Spammers and virus-writers like this are smart and they know how to play on your emotions to get their way. Recent emails we received appeared to be LinkedIn Resumes. Those were this virus.
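
For the admins reading along, the ".exe inside a zip" check from the list above can be done without ever opening the attachment by hand. The Python below is an added example, not part of the original post; the extension lists, the depth and size limits, and the sample file names are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed, non-exhaustive lists and limits; tune them for your own mail policy.
RUNNABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOYS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}
MAX_DEPTH = 3                    # how many zips-inside-zips to open
MAX_NESTED_BYTES = 20 * 1024**2  # refuse to unpack huge inner archives

def risky_entries(zip_bytes, depth=0, prefix=""):
    """Return [(path, reason)] for entries that should not be trusted."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "not a readable zip")]
    findings = []
    with archive:
        for info in (i for i in archive.infolist() if not i.is_dir()):
            path = prefix + info.filename
            # Windows ignores trailing dots/spaces, so strip them before checking.
            exts = [e.lower() for e in PurePosixPath(info.filename.rstrip(". ")).suffixes]
            last = exts[-1] if exts else ""
            if last in RUNNABLE:
                disguised = len(exts) > 1 and exts[-2] in DECOYS
                findings.append((path, "disguised executable" if disguised else "executable"))
            elif last == ".zip":
                # Bit 0 of flag_bits marks a password-protected entry.
                if info.flag_bits & 0x1 or depth >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES:
                    findings.append((path, "nested archive not inspected"))
                else:
                    findings += risky_entries(archive.read(info), depth + 1, path + "/")
    return findings

def build_sample():
    """Constructed sample: a fake 'resume' zip holding harmless placeholder bytes."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.scr", b"placeholder")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Resume_J_Smith.pdf.exe", b"placeholder")
        z.writestr("cover_letter.txt", b"hello")
        z.writestr("more/inner.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for path, reason in risky_entries(build_sample()):
        print(f"{reason}: {path}")
```

An empty result only means no file name in the archive looks runnable; it says nothing about what the files actually contain.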

If you get infected, you have two options: a) pay up and let your files decrypt (and maybe call the police afterward, if you believe that’ll help), or b) restore your files from backup.

This is a seriously dangerous virus, the most dangerous I’ve ever seen, so be careful. Don’t trust email. Be smart when you click. Pay attention to pop-ups. Call your IT provider at the first hint of suspicious behavior. If you have a question, they can tell you whether you can trust it or not.

It’s a pleasure being your IT guy. I hope I don’t have to help any of you through a data encryption nightmare like this.

As always, make sure you have an up-to-date, offsite backup. I recommend a cloud backup solution in addition to a local backup solution, if feasible. Contact me if you’d like more advice or would like to hire me to take a look at your business network.

-Matt