Vicious virus locks down files, demands ransom

WASHINGTON – The CryptoLocker ransomware infection is threatening home and business Windows computers with its ability to lock down computer files and demand a ransom for their return.

“In the 25 years I’ve been working around computers, this is one of the most vicious things I’ve seen and it’s spreading fast,” says Ken Colburn, of The Data Doctors.

The infection often comes as an email attachment that appears as a PDF file, seemingly from well-known companies including FedEx and UPS.

“It’s actually not a PDF. It’s tricking people. It’s just posing as one,” says Colburn.

When an unsuspecting user opens the file, the malware starts encrypting all data files, including those on any attached backup drives or network devices that appear as a drive letter on the computer.

The infected computer displays a message saying “Your personal files are encrypted,” and demanding a ransom of approximately $300, which quickly goes up to $2200, says Colburn.

“They actually lock down your files, so without a key you’ll never see your files again,” says Colburn.

The way to avoid getting infected is to avoid clicking on the attachment.

If regular FedEx or UPS users get such an email, they should log into their accounts through those companies’ websites to check whether any genuine messages have been sent.

CryptoLocker poses a particular risk to businesses because it targets shared drives.

“One employee that trips up can basically cause the entire company’s data to get locked out, because a lot of companies are shared up with drive letters for shared information,” says Colburn.

Paying the ransom doesn’t guarantee your data will be unlocked. The payment is also impossible to trace because it is made through the anonymous Bitcoin and MoneyPak systems.

“We’ve worked with businesses that have gotten their files back. We’ve worked with others that have not, and others have had partial recoveries,” says Colburn.

Colburn says while the infection can eventually be removed fairly easily, the damage it does to files can be catastrophic if you don’t have a backup.

There is little that can be done after the computer is infected, he says. If a user is contemplating paying the ransom, Colburn says a skilled IT person can help create a solid off-site backup process to protect you in the future.

“Regardless of your anti-virus programs, these guys are a step ahead of all your security programs,” says Colburn.
