Last month I wrote about the Cryptolocker virus variants that have been proliferating lately, these are the viruses that once installed onto your computer will encrypt your information and then blackmail you into paying for your data recovery in a very uncertain and woolly transaction involving the ‘dark net’ and paying in Bitcoin.
As it happened last month I got one further case of this nasty infection but this time it offered me a glimpse into the way it infected the machine as well as its delivery method. This was a business computer that was the main computer of the business, recently purchased with an expired antivirus program.
The virus itself came in by email with an eye-catching header and a local sounding name, let’s say ‘D McLaughlin’ or similar. The header alluded to a customer complaint so, as a business caring for its reputation may well do, the owner opened the email and furthermore the attachment that had the complainant’s files or evidence or whatever. It was a zipped file that unpacked the virus and locked up almost all usable content on the machine from Word Docs to Sage to specialised business software and, of course family pictures.
I was intrigued by the fact that some of the files that were omitted from encryption, notably and very thankfully one specialist program that the business relies upon heavily. I wondered if the file structure and nomenclature were simply not recognised by the virus and so skipped them. Sadly, however, as the backup drive was attached to the machine at the time of infection it too got the treatment and backups were rendered useless.
The good news from this particular case was that we kept the internal hard drive from the old computer as a ‘frozen in time’ backup – something I always recommend to my customers, this meant we only lost a couple months’ data in the end.
Please make every effort to protect yourself from these threats, they target both businesses and home users and it only takes a moment’s lapse in judgement to succumb.