
Vicious virus locks down files, demands ransom

Wednesday - 11/13/2013, 12:25pm ET

The CryptoLocker virus locks files, and demands a ransom. (Courtesy Data Doctors)

Data Doctor Ken Colburn on CryptoLocker virus

CryptoLocker malware locks down data, demands ransom. Colburn calls it "one of the most vicious things I've seen."


WASHINGTON - The CryptoLocker ransomware infection is threatening home and business Windows computers with its ability to lock down computer files and demand a ransom for their return.

"In the 25 years I've been working around computers, this is one of the most vicious things I've seen and it's spreading fast," says Ken Colburn, of The Data Doctors.

The infection often comes as an email attachment that appears as a PDF file, seemingly from well-known companies including FedEx and UPS.

"It's actually not a PDF. It's tricking people. It's just posing as one," says Colburn.

When an unsuspecting user opens the affected file, the malware starts encrypting all data files, including those on any attached backup drives or network devices that appear as a drive letter on the computer.

The infected computer displays a message saying "Your personal files are encrypted," and demanding a ransom of approximately $300, which quickly goes up to $2200, says Colburn.

"They actually lock down your files, so without a key you'll never see your files again," says Colburn.

The way to avoid getting infected is to avoid clicking on the attachment.

If regular FedEx or UPS users get an email, they should log into their accounts through those companies' websites to ascertain if any genuine messages have been sent.

CryptoLocker poses a particular risk to businesses because it targets shared drives.

"One employee that trips up can basically cause the entire company's data to get locked out, because a lot of companies are shared up with drive letters for shared information," says Colburn.

Paying the ransom doesn't guarantee your data will be unlocked. The payment is also impossible to trace because it is made through the anonymous Bitcoin and MoneyPak systems.

"We've worked with businesses that have gotten their files back. We've worked with others that have not, and others have had partial recoveries," says Colburn.

Colburn says while the infection can eventually be removed fairly easily, the damage it does to files can be catastrophic if you don't have a backup.

There is little that can be done after the computer is infected, he says. If a user is contemplating paying the ransom, Colburn says a skilled IT person can help create a solid off-site backup process to protect you in the future.

"Regardless of your anti-virus programs, these guys are a step ahead of all your security programs," says Colburn.


© 2013 WTOP. All Rights Reserved.