There’s a new strain of Windows malware that’s doing the rounds and it’s pretty nasty.
Ransomware has been around for a while now. The concept is that you are convinced to click on a link in an email, which ends with a piece of software being installed on your machine that stops you from working unless you hand over some money.
The most common variant flashes a message on your screen from the Metropolitan Police warning you that illegal activity has been detected and that your computer is now locked “until you pay the fine”.
Although worrying to see, these types of attacks are relatively easy to cure. However, there’s a new kid in town that is far more malicious and cannot be easily solved. It’s called CryptoLocker and it’s bad news.
You get the infection by either clicking on a link in a phishing email or by visiting an infected website. Either way, the CryptoLocker software is installed on your PC without your knowledge. Some of the phishing emails reported so far look as if they’ve come from Companies House or as a supposed customer complaint.
Once it’s been installed, it starts to encrypt your data using an almost unbreakable form of encryption. If you back up your data across a network or to an external hard drive and it’s connected, then CryptoLocker will also encrypt your back-up.
Once it’s finished its encryption, your PC will flash up a ransom message on your screen demanding a payment of $300 within 3-4 days, with payment to be made through one of the anonymous cash services such as MoneyPak or Ukash, or through the Bitcoin digital currency.
If you fail to pay up, the decryption key is destroyed immediately and your data is lost!
Although the software itself can be removed fairly easily from your computers, your data remains encrypted. There’s no way to get your data back without paying the ransom and hoping that the criminal minds behind this scheme are good enough to share the decryption key with you without actually demanding more money.
Even an experienced anti-virus company, Sophos, has been unable to find a way to decrypt the files without the decryption key.
So, how do you protect yourself?
- Make sure that your anti-virus software is always up to date. All of the good ones will do this automatically, provided nobody has disabled it in the hope that it will make their computer run a little faster.
- Be highly suspicious of any hyperlinks in emails. Hover your mouse over the link before clicking to see the actual web address the link goes to, and if it bears no resemblance to what it should be then don’t click.
- And just use common sense when browsing the internet.
If you’re not sure about any of this, please don’t hesitate to give me a call on 01793 238020 or email me at firstname.lastname@example.org
Previous posts can be viewed at http://enterpriseoms.wordpress.com/