Beware the Cryptolocker virus. It is real and it can totally hose your data.

I got a laptop in today to try to repair. Word files had suddenly stopped being able to be read by Office 2007. It was bizarre. After messing with it a while I found out from the owner that he had a virus warning flash the day before. He remembered the word “locker” being on the screen.

It turned out that it was Cryptolocker, a virus that encrypts your data files with nearly impossible-to-break encryption. He had the symptoms and I even found the registry key for Cryptolocker _0388.

The victim is offered a chance to pay a ransom (typically about $300) in bitcoins or other currencies. If you don’t pay by the deadline, you never get to open your data again. It has infected hundreds of thousands of users and a notable percentage of victims pay up. It generates a king’s ransom for the criminals that do the infecting.

In his case, it appears Microsoft’s malicious software removal tool scraped out the virus, but the damage is done. The files are encrypted and it even got his thumb drive backup versions. This virus can hunt across mapped drives.

Also, since the virus is gone, he can’t even pay the ransom to get back his precious data.

The rig had apparently never had Windows XP updated and the antivirus had expired. Sadly, there is nothing I can do. The owner is going to try a data recovery professional, but I am afraid they will advise him the same.

Seriously folks, don’t use XP on business systems anymore due to the age and lack of support. Keep your software fully patched! And please, never, EVER operate a machine without a reputable Internet Security program in place.


