Cryptovirus Attack: What to do next!

Computer viruses have been around for decades, and they range from fun-but-annoying pranks all the way to devastating destruction of your computer system. No kind of virus is enjoyable to have on your computer, but by far one of the worst viruses ever to affect personal computers is CryptoLocker. A particularly insidious virus that combines the worst in malware with the lowest of internet scammers, CryptoLocker works by replacing all of your files with locked versions and demanding that you pay a ransom within a set window of time to restore them. The ransom is usually between $300 and $600, and if you don’t pay up the files are permanently destroyed. The bad news is that so far, no one has successfully found a way to restore files destroyed by CryptoLocker. The good news is that by taking a few simple steps before your computer becomes infected, you can easily wipe the virus from your system and restore your files from backup.

Make multiple backups of your files

One of the things that make CryptoLocker such a malicious virus is that it can attack data on peripherals connected to your main computer as well. What this means is that if your primary backup drive is connected to your computer when it becomes infected with the virus, your backup files can be replaced with locked copies as well. CryptoLocker also affects files connected to your computer via a network: essentially, any file directly connected to your computer when it becomes infected is at risk. It’s a good idea to keep an offline backup of your important files at all times, either with an external hard drive that you only connect to your computer for regular backups, or with a Cloud service that does not automatically sync to your computer. You keep your files safe by ensuring that CryptoLocker cannot replace them with the locked versions, which means that as soon as you realize your computer is infected you should keep your offline backups and your computer as far away from each other as possible.

Use a true backup program

There are two ways of keeping backups so that you will be able to restore your data: the first is by manually or automatically copying files to your backup device, and the second is by using a true backup program that makes a new copy of each file every time it backs up. To protect your backups against corruption by CryptoLocker, you should be using a true backup program, because only the true backup program retains copies of the files from before the CryptoLocker infection. You still run the risk that CryptoLocker will lock your backed-up files if you try to back up from an infected computer, but by using a program that saves multiple copies you vastly increase the chances that you will retain unlocked copies of your data that you can use once the virus has been deleted from your system.
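
The difference between the two approaches, as an added example that is not part of the original article: a plain copy and a small versioned backup are both run before and after a file is replaced by a locked copy. The function names, folder layout and sample file contents are assumptions made for the illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def file_digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def backup_versioned(source: Path, store: Path, stamp: int) -> int:
    """Save a new copy of every file whose content changed; never overwrite."""
    saved = 0
    for f in sorted(p for p in source.rglob("*") if p.is_file()):
        versions = store / f.relative_to(source)       # one folder per file
        versions.mkdir(parents=True, exist_ok=True)
        existing = sorted(versions.iterdir())
        digest = file_digest(f)
        if existing and existing[-1].name.endswith(digest):
            continue                                    # unchanged since last run
        shutil.copy2(f, versions / f"{stamp:010d}_{digest}")
        saved += 1
    return saved

def restore_before(store: Path, rel: str, cutoff: int) -> bytes:
    """Return the newest stored version taken strictly before `cutoff`."""
    older = [v for v in sorted((store / rel).iterdir())
             if int(v.name.split("_")[0]) < cutoff]
    if not older:
        raise FileNotFoundError(f"no version of {rel} before {cutoff}")
    return older[-1].read_bytes()

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        src, mirror, store = (Path(tmp) / n for n in ("docs", "mirror", "store"))
        src.mkdir()
        doc = src / "report.txt"
        doc.write_bytes(b"quarterly figures")           # constructed sample file
        shutil.copytree(src, mirror)                    # plain copy backup
        backup_versioned(src, store, stamp=1)
        doc.write_bytes(b"\x8f\x02LOCKED\x00")          # stand-in for a locked file
        shutil.copytree(src, mirror, dirs_exist_ok=True)  # plain copy overwrites
        backup_versioned(src, store, stamp=2)
        return {
            "mirror": (mirror / "report.txt").read_bytes(),
            "versions": len(list((store / "report.txt").iterdir())),
            "restored": restore_before(store, "report.txt", cutoff=2),
        }

if __name__ == "__main__":
    print(demo())
```

After the second run the plain copy holds only the locked bytes, while the versioned store still holds the earlier copy and `restore_before` returns it.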

Keep your virus scanner up to date

The people behind CryptoLocker are very quick to update the program so that virus scanners cannot catch it, but security software developers are almost as quick to update their virus scanners to block as many versions of the virus as possible. Update your virus scanner as often as possible and run frequent checks on your system, especially before opening any attachment downloaded from the internet. If your virus scanner is up to date then you should be protected from all but the most recent version of the virus; if you’re really lucky, your virus scanner will catch every version of CryptoLocker and keep your system safe. Scanning software specifically targeted at CryptoLocker is also being developed, so it is worth the extra time to download a program like CryptoPrevent as an extra line of defense against the virus.

Be very careful with e-mail attachments

The most common way that CryptoLocker propagates is via an innocent-seeming e-mail with a ZIP attachment.  The e-mail is usually disguised as a message from a friend or official source, and can be very easy to mistake for a completely innocuous message.  When you download and unzip the file, it appears to contain a PDF file, but the PDF is actually a .EXE file containing the virus.  A simple trick allows the CryptoLocker developers to disguise the .EXE as a PDF, making it look completely harmless, but of course, once you open the file, the virus makes short work of locking your files.  As with most viruses, the simplest way to avoid it is to treat any e-mail attachment with suspicion.  Unless you are actually expecting an attachment and know the sender, don’t open any unfamiliar file online.  If the message appears to be from a friend, e-mail that friend to confirm that they actually sent it; if the message seems to be from a legitimate source, do some Googling to find out if the source exists and if the message you got comes from the right domain name. When in doubt, delete the attachment without opening it: your worst-case scenario is that you offend the friend trying to get you to proof-read her term paper, which is much better than having your data held to ransom.
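
A check that can be run on a ZIP attachment before anything in it is opened, as an added example that is not part of the original article: it reads the first bytes of each entry instead of trusting the file name, so it does not depend on how the name was disguised. The function names, the extension list and the sample attachment are assumptions constructed for the illustration.

```python
import io
import zipfile

PROGRAM_EXTS = (".exe", ".scr", ".com", ".pif")    # Windows program extensions

def inspect_zip(zip_bytes: bytes) -> list:
    """Return (member name, reason) for entries that should not be opened."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:                # encrypted entry: cannot inspect
                findings.append((info.filename, "encrypted, cannot be checked"))
                continue
            with zf.open(info) as member:
                magic = member.read(4)
            name = info.filename.lower().rstrip(". ")
            if magic[:2] == b"MZ":                  # Windows programs start with "MZ"
                findings.append((info.filename, "Windows program content"))
            elif name.endswith(PROGRAM_EXTS):
                findings.append((info.filename, "program file extension"))
            elif name.endswith(".pdf") and magic != b"%PDF":
                findings.append((info.filename, "named .pdf but not a PDF"))
    return findings

def build_sample() -> bytes:
    """Constructed attachment; the 'MZ' entries are filler bytes, not real programs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.pdf", b"%PDF-1.4\n% constructed\n")
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("statement.pdf", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.pdf", b"plain text, not a PDF")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in inspect_zip(build_sample()):
        print(f"{name}: {reason}")
```

An empty result only means none of these three checks fired; it does not show that the attachment is safe to open.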

Delete the virus as quickly as possible

If you open a suspicious attachment and your virus scanner fails to catch it, the only thing you can do once CryptoLocker infects your computer is to remove the virus as soon as possible.  There is no way to restore the locked data without paying the ransom, and the longer you wait the more of your files could become locked.  Fortunately, despite the damage it does, CryptoLocker is very easy to remove.  Since the virus only targets certain types of files, your applications are usually safe, which means that you can easily download a CryptoLocker remover and wipe the virus from your system.  Once you’ve done that, update your virus scanner and restore your files from the most recent backup you have available.  If you’ve done a good job of backing up your files before becoming infected with the virus, you may not lose much data at all.  And if you’ve had the unpleasant experience of dealing with CryptoLocker – or want to avoid it at all costs – try switching to Mac or Linux, since so far all versions of the virus have been Windows-only.