There is a relatively new threat gaining traction called ransomware. Unlike most traditional viruses, a ransomware infection may not be recoverable. The basic idea is that a user gets the virus through an email phishing scam or another source. The virus then goes to work on the user's files, encrypting them to render the data unreadable. Afterward, the user is presented with a demand for payment and a countdown timer. If payment is not made before the timer runs out, the digital key needed to recover the encrypted data is deleted. Once that happens, there is little to no chance the files will ever be recovered.
In the past, viruses were more of an annoyance than a cause of real permanent damage. The worst damage MCS engineers usually see is from viruses that use key logging to gather passwords and sometimes even move real money out of bank accounts. While that is a huge issue, it is still often recoverable by alerting the bank to stop the transfer. With these new ransomware viruses, even if a user pays the ransom (usually around $300) in time, there is still a possibility that the key has already been deleted or lost. If the authorities find and shut down a rogue server storing keys, all of the users with keys on that server are out of luck. Even after paying, some files may encounter an error during decryption and remain unrecoverable.
The latest ransomware threat, called CryptoLocker, started showing up around September 2013 and is still spreading. Currently, the only way to restore an encrypted file is to obtain the key from the attackers. These programs live up to their name, as they really do control access to personal files. Ransomware viruses affect all versions of Windows going back to XP.
This new threat is still a virus and can be avoided like any other virus. Avoid emails that look odd and never click a link unless you are sure it corresponds to something you are expecting. Never click a link that claims to be tracking a package you don’t remember ordering. It is safer to copy your tracking number and type the carrier’s web address in manually, or paste the number into a Google search. Even if you can see the carrier’s name in the link, that does not mean you will be taken to a legitimate website.
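
The last point above, that a carrier's name appearing somewhere in a link says nothing about where the link goes, shown as an added example (not part of the original article). `carrier.example` and `parcel-status.example` are constructed placeholder domains, and the trusted list is an assumption standing in for a carrier address you typed in yourself.

```python
from urllib.parse import urlsplit

# Assumption: the carrier's real domain, taken from a trusted source.
# "carrier.example" is a constructed placeholder, not a real carrier.
TRUSTED_DOMAINS = {"carrier.example"}

# Constructed sample links. Every one of them shows the carrier's name.
SAMPLE_LINKS = [
    "https://www.carrier.example/track?id=123",               # real site
    "https://carrier.example.parcel-status.example/track",    # name used as a subdomain
    "https://carrier.example@parcel-status.example/track",    # name in the user-info part
    "https://parcel-status.example/carrier.example/track",    # name in the path
    "http://www.carrier.example/track?id=123",                # right host, no TLS
]


def link_host(url):
    """Return the lowercase host the browser would actually connect to."""
    host = urlsplit(url).hostname
    return host.lower().rstrip(".") if host else None


def is_trusted(url, trusted=TRUSTED_DOMAINS):
    """True only for https links whose host is a trusted domain or a subdomain of one."""
    host = link_host(url)
    if urlsplit(url).scheme != "https" or host is None:
        return False
    # Match on a dot boundary so "notcarrier.example" does not pass.
    return any(host == d or host.endswith("." + d) for d in trusted)


def report(links=SAMPLE_LINKS):
    """Return (url, real host, trusted?) for each link."""
    return [(url, link_host(url), is_trusted(url)) for url in links]


if __name__ == "__main__":
    for url, host, ok in report():
        print(f"{'OK     ' if ok else 'SUSPECT'}  host={host}  {url}")
```

Only the first sample link resolves to the trusted domain; in the others the carrier's name is just text placed in front of, or after, a different host.
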
As always, MCS recommends that users keep up-to-date antivirus software and spam protection in place. Please contact us if you are interested in a security consultation to lower your chances of infection.