We have noticed that a handful of customers are becoming infected by the Cryptolocker virus. The virus installs Ransomware onto the host computer which encrypts files on the network, preventing users from accessing these files.
The term Ransomware comes from the fact that payments of $100 were originally demanded to decrypt files. The latest variant we are seeing is $300. Decrypting Cryptolocker files requires access to both the public and private keys used to encrypt them. Until AntiVirus vendors or relevant authorities get hold of the second key, the virus writers may be the only people around that can reverse the process. Researchers from a number of antivirus vendors are also working on a way to undo the damage.
Am I at risk?
Yes. Having up-to-date antivirus protection on your computers and servers will help prevent an infection, although due to frequent releases of new variants of the virus, the AntiVirus vendors are having difficulties releasing patches/updates to prevent infection in time.
What should I do?
In most cases, apart from paying the ransom fee which we don’t recommend, the only way to recover infected files will be to recover your files from a working backup. We recommend the following:
- Backup. We would recommend that all customers have in place a backup routine which is monitored daily. We already provide this to customers who subscribe to our Remote Backup service or Server Monitoring service.
Our recommendation: Remote Backup or Server Monitoring
- AntiVirus. We recommend that all customers install AntiVirus protection, and make sure their definitions and the program itself are up-to-date.
Our Recommendation: ESET AntiVirus Business edition
- Email Security. As most of these viruses are distributed via email, we recommend you have in place adequate email security that will filter most threats before they arrive in your mailbox.
Our Recommendation: Smart IT Email Security
- Be cautious. If you are sent an email attachment that you do not recognise or were not expecting, this could be a virus. Ideally do not open such attachments if possible
If you do find yourself infected with the virus, immediately shut down any infected computers and contact Smart IT.
If you would like more information on our recommended services please give us a call on 0330 223 3525 or click here to send us an email.