Ransomware is not a new concept. Simply explained, it is software that encrypts your data and tries to sell it back to you, or else. The first reported case was back in 1989, the AIDS Information Trojan. Usually these kinds of infections are easily cleaned and the encryption used is easily defeated.

That has changed with the latest ransomware, called CryptoLocker. It uses true two-stage encryption and has caused thousands of people and businesses to lose their data.

Here’s how it works:

  1. The virus installs itself on your computer, usually via infected email attachments or through malware (a botnet infection) already on the user’s computer.
  2. The virus connects to a command and control server out on the Internet.
  3. The server then generates the public-private keys used for the encryption.
  4. The infection on the computer uses the public key to encrypt all the files it can find that match a large list of file types, such as images, documents and spreadsheets.
  5. The malware will then pop up a “Pay Page” (see image at top of this blog post) giving you a limited time, typically 72 hours, to purchase the private key required to decrypt – typically for $300.
  6. After the time expires, the private key is deleted from the command and control server, effectively making the encrypted files unusable.

The good news is the infection can be cleaned and removed. The bad news, according to Anti-Virus Security companies, is there is no way to recover the encrypted files. What the Public Key has scrambled requires the Private Key to unlock.

What You Can Do:

Prevention, in this case, is significantly better than cure:

Stay Patched. Ensure your operating system and software are up to date.
Anti-Virus. Use professional grade versions (Free Versions are NOT adequate protection) and ensure it is updated.
Avoid Opening Email Attachments you weren’t expecting, from people you don’t know or with suspicious file names and types.
Regular System Backups. These backups should have multiple versioned backups (multiple copies of the same files taken at different points in time).

Don’t forget that services that automatically synchronize your data changes with other servers, for example in the cloud (think Dropbox, iCloud or Skydrive), don’t count as Backup. They can be extremely useful for data sharing; however, they tend to propagate errors rather than defend against them. In this case the encrypted file would be synchronized, and that would cause all copies to become unusable.
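The difference between a synchronized copy and versioned backups, shown as an added example that is not part of the original post: a small Python simulation in which a file is overwritten with unreadable bytes (a stand-in for the encryption), then a mirror and a point-in-time backup are compared. The function names, the `day1`/`day2` labels and the sample file are assumptions made for illustration.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def mirror_sync(src: Path, mirror: Path) -> None:
    """Sync-service behaviour: the mirror always ends up equal to the source."""
    mirror.mkdir(parents=True, exist_ok=True)
    for f in src.iterdir():
        shutil.copy2(f, mirror / f.name)

def snapshot(src: Path, store: Path, label: str) -> None:
    """Versioned backup: content-addressed blobs plus one manifest per point in time."""
    blobs = store / "blobs"
    blobs.mkdir(parents=True, exist_ok=True)
    lines = []
    for f in sorted(src.iterdir()):
        data = f.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        if not (blobs / digest).exists():   # old versions are never overwritten
            (blobs / digest).write_bytes(data)
        lines.append(f"{digest}  {f.name}")
    (store / f"{label}.manifest").write_text("\n".join(lines) + "\n")

def restore(store: Path, label: str, dest: Path) -> None:
    """Rebuild the files exactly as they were when snapshot `label` was taken."""
    dest.mkdir(parents=True, exist_ok=True)
    for line in (store / f"{label}.manifest").read_text().splitlines():
        digest, name = line.split("  ", 1)
        (dest / name).write_bytes((store / "blobs" / digest).read_bytes())

def demo() -> dict:
    root = Path(tempfile.mkdtemp())
    src, mirror, store, out = (root / n for n in ("docs", "mirror", "backup", "restored"))
    src.mkdir()
    original = b"Q3 invoice totals (constructed sample)\n"
    (src / "invoice.txt").write_bytes(original)
    mirror_sync(src, mirror); snapshot(src, store, "day1")
    # Stand-in for the infection: the file's content becomes unreadable bytes.
    (src / "invoice.txt").write_bytes(bytes(range(256)))
    mirror_sync(src, mirror); snapshot(src, store, "day2")
    restore(store, "day1", out)
    result = {
        "mirror_has_original": (mirror / "invoice.txt").read_bytes() == original,
        "backup_has_original": (out / "invoice.txt").read_bytes() == original,
        "versions_kept": len(list((store / "blobs").iterdir())),
    }
    shutil.rmtree(root)
    return result

if __name__ == "__main__":
    print(demo())
```

The earlier version is only recoverable because the backup store keeps old content instead of replacing it; a backup location that the infected computer can write to like any other folder can be scrambled along with everything else.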

Contact BeckTek to learn how our affordable Business Essentials and Total Care program can help avoid these kinds of data loss situations.