Drake Hardware & Software
IT Consulting

CryptoWall Ransomware Trojan is running rampant on the Internet.

Important - please read the following article from Info Security Magazine

Full Article

What is CryptoLocker/CryptoWall 2015?

CryptoLocker and CryptoWall (each has many versions) are ransomware trojans. Hackers use CryptoLocker and CryptoWall to hijack computers and hold your data for ransom. Once the trojan is installed, it encrypts all of your data, making it impossible for you to view or access your files. The only way you can get your documents, photos and other important files back is if you have the key the hacker used to encrypt your data. You can get this key…for a price. In examples we have seen, the user has 4 days to pay $300 to get the key. After that, the price may double or triple for a few more hours, and then your files are destroyed.

Paying the ransom for a CryptoLocker and CryptoWall attack should be your very last resort. By paying the ransom, you are supporting a criminal enterprise and helping it flourish.

If you think you have CryptoLocker or CryptoWall:

The first thing you should do is unplug your computer right away. It takes time for all of your files to be encrypted. If your computer is unplugged, you can save some (or most) of the files from being encrypted.

Then, contact your trusted PC Consultant or IT Professional who will help you retrieve your files or restore from a recent backup.

How to Avoid CryptoLocker/CryptoWall in the First Place

  • Back up your files, preferably with a daily backup. Review what is being backed up. Are your documents, pictures, software databases and any other information that may be important to you or your company truly being backed up, or are you assuming they are?

  • If you have a GOOD BACKUP in place, files can be restored in a timely manner. Once you have created a fresh, uninfected installation of Windows, you can restore all of your updated files from a good backup.

  • Never click on a link or attachment in an email unless you are positive it is from a trusted source. If you think the email looks suspicious, it probably is. It never hurts to send an email to verify that it is legitimate.

  • If you use an email-retrieving program, disable image previews. Email applications like Outlook, Thunderbird, and others often automatically load attachments for your convenience, but this takes away your ability to decide whether or not a file is safe to open. Check your preferences to disable this setting.

  • Within an email, hover over hyperlinks to see where they go before clicking on them. CryptoLocker and CryptoWall take on many disguises. Example: You may receive an email from FedEx saying that your package has shipped. HOVER over the hyperlink to make sure that the URL is actually going to FedEx or, better yet, go to your original order and copy the tracking number for the package you are expecting. Then open the FedEx website in your web browser and review your tracking there.

  • Before opening an email, depending on your email client, you may want to review your email Message Options or just delete the email before opening it.

  • Spoofing: many emails may look like they come from family and friends, or carry offers such as "You will receive a $100 gift card from Kohls!".

  • Types of attachments vary and may even be disguised. ZIP and EXE files are typically some of the first signs of a virus. But because CryptoLocker and CryptoWall are Trojan horse malware, the attachment could actually be a zip file with its filename and icon disguised as a PDF file.

  • Disable hidden file extensions. A file that may be disguised as a PDF or an image might actually be an executable CryptoLocker or CryptoWall file. With the hiding of file extensions turned off, so that extensions are displayed, you can identify these executable files by the extension .exe. Unless it’s a program you wish to install on your computer, do not open files with the extension .exe.

  • Google it. When in doubt about an email, file, warning, email address, advertisement, or anything else that seems suspect, do an online search to see what other people are saying. Throw in the word “scam” to weed out results that may have been placed there by the very people who are trying to cheat you.

  • Beware of unusual emails from people or companies with whom you normally do business. The display name may look correct, but when you look closer and view the properties of the display name, the email could actually be spam.

  • Beware of hyperlinks: hover over them with your mouse to verify the actual link, not just the display name.

  • Remember ALT+F4: this will close the current open window. If you get an odd pop-up, don't click on anything, not even the X to close the window. Just hold down ALT and press F4.

  • Most importantly - Think Before You Click!
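
The hover-over-the-link and disguised-attachment checks in the list above can also be run automatically over a received message. The following Python is an added example, not part of the original article; the extension lists, the sample message and the names `review`, `Links`, `RISKY`, `DECOY` and `HOST` are assumptions made for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY, DECOY = {"exe", "scr", "zip"}, {"pdf", "doc", "jpg"}  # assumed lists; the page names EXE, ZIP, PDF
HOST = re.compile(r"(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})")
SAMPLE = '''From: "FedEx" <tracking@shipping.example>
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/html

<a href="http://fedex.com.tracking.example/t">www.fedex.com/track</a>
<a href="https://www.fedex.com/">fedex.com</a>
--B
Content-Disposition: attachment; filename="Invoice.pdf.zip"

--B--
'''  # constructed message; hosts under .example are placeholders

class Links(HTMLParser):
    """Collects (visible text, href) for each <a> element."""
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.text, self.href))
            self.href = None

def review(raw):
    """Yield a warning for each link or attachment that is not what it shows.
    A link passes only if its real host is the shown host or a subdomain of it."""
    for part in message_from_string(raw).walk():
        exts = (part.get_filename() or "").lower().split(".")[1:]
        if len(exts) > 1 and exts[-1] in RISKY and exts[-2] in DECOY:
            yield f"attachment posing as .{exts[-2]} is really .{exts[-1]}"
        if part.get_content_type() == "text/html":
            parser = Links()
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for text, href in parser.found:
                shown, real = HOST.search(text.lower()), urlparse(href).hostname
                if shown and real and not f".{real}".endswith("." + shown[1]):
                    yield f"link shows {shown[1]} but goes to {real}"
```

Calling `list(review(SAMPLE))` flags the first link and the attachment, and leaves the link that really goes to fedex.com alone.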