CryptoLocker Virus Sweeps Britain

[Image: TooLate]

The UK National Crime Agency (NCA) has issued an alert to computer users about the threat posed by the CryptoLocker Ransomware.

 

Following a similar alert issued last week in the USA, the UK’s NCA has published a warning that criminals are engaged in a major operation to hijack Microsoft Windows-based systems and hold computer data hostage pending a ransom payment of hundreds of pounds.

 

This Trojan infection has been seen frequently in emails styled as coming from Amazon and from delivery companies such as DHL. This will change, but the key method of infection seems to be .zip files (a commonly used compression format). However, to the user the attachment might not look like a .ZIP file but like a .PDF or similarly harmless attachment.

 

Encryption
Once a machine is infected, CryptoLocker scans for a wide variety of files, which it starts to encrypt using an advanced encryption method. It will do this on your hard drive and any other connected drives, including mapped file shares on your business network and possibly folders that you synchronize to services like Dropbox.

 

The file extensions that CryptoLocker will encrypt include those commonly associated with documents, pictures, your email data, drawings and other typically critical forms of data.

 

Often the first sign of infection is the page shown above, at which point it is too late.

 

This page demands payment by one of a number of untraceable methods such as Bitcoin. The attack has been so successful that the value of Bitcoins themselves has been affected through supply and demand.

 

Should I pay?

 

In the early days of this outbreak it was possible to pay the many hundreds of pounds and have the data decrypted. However, the powers that be are working hard to shut down the attackers' servers, and in doing so are removing the means of recovery so quickly that, if you did pay, the chances are not high that your data would be restored to you.

 

So what can I do?

 

Most up-to-date anti-virus software will now detect and defeat the CryptoLocker virus, so the key is prevention. Keep your anti-virus up to date and run scans more frequently.

 

If you see an email that you do not expect, do not open it or any attachment. Simply delete it.

If you are unlucky enough to become a victim of this ransomware attack, it is not currently possible to decrypt the infected data files. All we can do is recover your data from your backup.

 

All computers in a business network should have their data held centrally on the server, and this will be backed up daily. The previous day's backup may be the only option for recovery, so ensuring good backups is a priority. Blocking .ZIP files, restricting user privileges to the minimum, or preventing users from running .EXE executable files may be an option.

For home users the same is true. Windows 7 and Windows 8 users should use the back-up and restore facilities within their operating systems frequently and back up to a USB drive or similar which should be disconnected after the back-up is run.
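As an added illustration (not part of the original alert), the attachment-blocking option mentioned above for business networks can be narrowed from "block every .ZIP" to "block .ZIP files that hide an executable". The function names, the extension lists and the sample archive below are assumptions constructed for this example.

```python
import io
import zipfile

# Assumed policy lists for this example; extend them to match your own gateway rules.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".txt"}

def screen_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for every archive member that should be blocked."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "not a readable ZIP; quarantine for manual review")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename.rstrip(". ")  # Windows ignores trailing dots and spaces
            parts = name.lower().rsplit("/", 1)[-1].split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            prev = "." + parts[-2] if len(parts) > 2 else ""
            if info.flag_bits & 0x1:  # bit 0 set means the member is password-protected
                findings.append((info.filename, "encrypted member, cannot be inspected"))
                continue
            with archive.open(info) as fh:
                is_pe = fh.read(2) == b"MZ"  # DOS/PE header of a Windows executable
            if ext in EXECUTABLE_EXTS and prev in DECOY_EXTS:
                findings.append((info.filename, "executable disguised with a document extension"))
            elif ext in EXECUTABLE_EXTS:
                findings.append((info.filename, "executable extension"))
            elif is_pe:
                findings.append((info.filename, "Windows executable content under a non-executable name"))
    return findings

def build_sample() -> bytes:
    """Constructed sample archive; the 'MZ' payloads are inert placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Delivery_Note.pdf.exe", b"MZ" + b"\x00" * 62)
        z.writestr("readme.txt", b"Your parcel could not be delivered.")
        z.writestr("photo.jpg", b"MZ" + b"\x00" * 62)
    return buf.getvalue()

if __name__ == "__main__":
    for member, reason in screen_zip(build_sample()):
        print(f"BLOCK {member}: {reason}")
```

A mail filter would call screen_zip on each .ZIP attachment and hold the message if the returned list is not empty.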

 

No matter how tempting it is, do not attempt to pay to get your data back.

 

The police have requested that all infections of this virus be reported at actionfraud.police.uk