What Are They and How Do I Deal With Them?
CryptoLocker and CryptoWall are examples of ransomware, a trojan that locks up your files and threatens to destroy the key unless you pay a ransom to enable the files to be unlocked again. You are given only a limited time to hand over the ransom fee, otherwise your data will be forever inaccessible.
They have been around for a couple of years and are reported to have infected over a million PCs worldwide, involving 5 billion files, and to have collected over $100 million in the process.
CryptoWall is the current manifestation of this malware, as the CryptoLocker servers were seized by US and foreign law enforcement officials last year and shut down.
The ransom amounts demanded are typically between US$500 and $1000.
How Do I Get Infected?
CryptoWall spreads by a variety of methods, including spam emails with malicious links or attachments, attacks from infected sites, and malware programs already running on compromised computers. Recently, innocent-looking advertisements have appeared on popular websites like The Guardian and Facebook that lead to malware being downloaded to a user’s PC.
The lesson here is obvious:
- Never click on a link in an email unless you trust the sender;
- Don’t visit sites of dubious reputation;
- Don’t click on advertisements; and
- Ensure your PC has up-to-date anti-virus software that constantly monitors your PC’s activities.
Phishing is a pernicious way of getting you to click a malicious link. Phishing refers to email that looks as if it’s from a reputable company, e.g. your bank or PayPal, and asks you to click a link for some purpose. Reputable sites don’t do this. Always open a browser and enter the address you normally use for that institution. If there are any messages, you will see them there.
You are strongly advised not to use a work PC for non-work-related activities.
I’m Infected!
Should you find yourself staring at a screen like this, your files are locked, even those in cloud services such as Dropbox, OneDrive, and Google Drive. In fact, any storage that is connected directly to your PC or over the Internet is susceptible to ransomware.
As soon as the message appears, turn off the PC, as the virus may still be in the process of encrypting your files. Restart your PC in Safe Mode by pressing F8 on rebooting.
Recovering From Infection
The files can only be unlocked by acquiring the decryption key, and that means paying the ransom. Paying the ransom is not recommended. You should contact your IT Vendor immediately.
To recover from the infection your IT Vendor may need to restore your system from a backup copy. This is why regular backups are essential. All the files affected – at least the ones you can’t afford to lose – should have been saved to an offline storage medium, and be as up-to-date as possible.
Before restoring from a backup, your vendor needs to ensure that CryptoWall has been completely removed from the system by running a full system scan using your anti-virus and anti-malware software.