Well, here I am once again to remind and caution you about the three most important things in computers and computing. Here they are (in descending order): 1) Backing up 2) Backing up 3) Backing up No seriously, while I have always been passionate in exhorting all my clients to establish and maintain a rigorous, reliable, and robust backup scheme, it is now even more critically important than ever. Although there have long been a broad and diverse array of threats and hazards to you, your computer, and your personal/business data "out there", among the ever-growing list of things against which to defend is now a chilling (relatively) new menace to your precious files, documents, photos, and other irreplaceable data - the CryptoLocker worm (and its analogues), or as it/they are also known in the industry, Ransomware. I have personally seen people who have been attacked and stricken by this insidious intruder, and the only ones who have come out totally (or at least mostly) unscathed were those who had relatively full and current backups of their critical data located on media off of (and physically disconnected from) their computers and from their home/office networks. What does it do, and how does it operate? Using a number of very clever, highly intelligent, and well-written algorithms it sends you zipped files (usually, but not necessarily always, PDF files) which appear to come from a trusted source such as your actual bank, phone company, internet service provider, and so on. These PDF files purport to be either a current bill, statement or other type of important customer information for your review. Once you've unzipped and opened the PDF file to look at it, your system has already become infected with the CryptoLocker worm (or one of its similar, new peers), which quickly - and amazingly efficiently - performs a thorough scan of all local and network shared drives, partitions, folders and even connected external media (such as your external backup hard disk), seeking out specific types of data and media files, and using strong (RSA public-key) cryptography protocols (with the private key held on their server) to encrypt (read: lock) your files, such that they can no longer be accessed by ANYONE (including you) without the private key. This cannot be decrypted - except maybe, and only maybe - by the Mossad, the CIA, or the NSA were they to apply their full computational decryption facilities to it, but, aside from the fact that they are never going to do this for you even if they could, and also due to the extreme strength and difficulty of brute force-breaking that would be required to "break" or decrypt your files, it is pretty much universally accepted and agreed that there is no feasible way to unlock them. They are lost to you forever - unless you have fairly thorough and recent backups of them, or (and hence the name, Ransomware) you are willing to pay a ransom (within a specified time limit) of anywhere from hundreds to thousands of dollars or euros to hopefully get the key from these hackers and regain access to your files. In other words, even though I have also often ardently and earnestly warned that ALL hard drives will fail - it is a question of when rather than if - with most typical scenarios of data loss or accidental/catastrophic deletion, you have a number of alternatives for attempting to recover your lost data (which may vary in cost anywhere from free to thousands of dollars, depending upon the physical/mechanical state of your Hard Drive / Storage Medium). However, in this Ransomware scenario, these nefarious operators can pretty much demand whatever price they want to return your data (access) to you, and not only do you have absolutely no other alternatives than those they offer - you don't even know for certain that you will, in fact, ultimately regain your access to the data in question - even after having submitted payment to them (I've seen more instances where they did indeed return the key, but others where, for whatever reasons, they decided to simply take the money and run, leaving you still without any access whatsoever to your data. How can you protect yourself and your data against these artfully treacherous attackers? Well, of course you can and should keep your system protected with a multi-layered protocol of security - including a (software or hardware) firewall, a good, robust antivirus program and at least one or two separate additional anti-malware/anti-spyware programs to help locate, identify, and remove the various and sundry little malevolent invaders which, in any case, are inevitably going intrude upon and occupy your computers, many of which - due to their lack of specific heuristic or definition/code signatures, may not be detected by your main antivirus program. But usually, by the time you've discovered that CryptoLocker or one its numerous analogues has invaded your computer, it is unfortunately probably too late for your data. You can easily find and remove the malware that encrypted your files, but as I elucidated above, you cannot remove the encryption from (nor regain access to) your files once they've been encrypted no matter what you do. So, the only real and true protection you can have against this very sophisticated and Machiavellian threat is to have a full, current and safely stored backup of ALL your important files - including but not necessarily limited to - documents, mail, contacts, spreadsheets, photos, PDFs, text and pretty much any other type of file formats that most of your commonly used productivity applications create and use. To sum up, I need to say, hear me now - and act to implement the necessary and appropriate protocols & procedures (security software and data backup), or take the considerable risk of being very sorry later on (perhaps even tomorrow or the next day?) Bleeping Computer on CryptoLocker MalwareBytes Security Blog / CryptoLocker Wikipedia on CryptoLocker The links above provide most, if not all, the information that is currently available regarding this phenomenon. Additionally, please feel free to contact me for consultation or advice on how best to proceed going about setting up the very best protection for your precious data and digital life that you can possibly provide. Beau - Israel's PC Doctor [email protected] 054-772-6239 (Israel Cell) +972-54-772-6239 (Cell from Out of Israel) +1-407-745-0882 (US Landline Rings at my Lab) Testimonials YouTube Video Testimonials |