Ransom anyone?

Unfortunately I deal with computer viruses nearly every day. A computer browsing on the web these days is like a toddler in daycare: they are gonna catch a bug, spread it, and everyone will be unhappy. Until recently most bugs ranged from the somewhat annoying (browser home page switch-a-roo) to the downright unusable (long boot times, pop-ups like pop-corn). But really and truly no harm done, until now.

Cryptolocker came to town a couple years ago and had some success, and it’s come ’round every year since. It is released a month or so before the holidays when on-line activity is at its peak, specifically disguised as a ubiquitous email from FedEx, UPS, or USPS notifying you of a delivery. The email itself was harmless, but clicking on the “tracking info” link was the beginning of the end. You wouldn’t notice anything at first, except that your computer would be rather slow for a while. Probably just another “update gone wrong,” you might think, until you notice you can’t open any of your Word documents, or Excel, or pictures, or PDFs, basically anything that matters. Then it will catch your eye: an inconspicuous text document that is sprinkled around among your files and folders, a ransom note describing how all of your data is now encrypted and how for the low price of $500 they will send you the decryption key. Well, I’ll spare you the suspense: they will take your money, and there have been no reported instances of said decryption key ever being delivered.

But wait, it gets worse…

The method of encryption that is used is irreversible. That means the damage is permanent, done, finito, no gettin it back folks. It’s almost worse than just deleting them because there they are, looking at you, sorted by date in nice little rows, yet not a one can be opened.

But wait, it gets worse-er…

The virus has the ability to encrypt data on external drives as well. That means your trusty external hard drive that’s faithfully backing up your data is toast if it was attached at any time during Cryptolocker’s rampage.

But wait, it gets worse-er-er…

This external drive infection holds true for network drives as well! Holy “Z” Drives Batman! Yep, any drive with a letter, flash drive, hard drive, mapped network drive, all potential Petri dishes for this bug to spawn in. Batten down your servers folks.

You may think surely the clever folks over at Norton or Symantec have figured out how to nip this bug in the bud before it can destroy all the photos from your last family reunion (even though you might want it to). Well just like the CDC chases the flu around every year and comes out with a vaccine after maybe you and most of the people you know already have it, this is the same drill. They do patch their software to block it but only after it’s been out a while can they engineer that fix. And each year it’s a different strain, so each year millions of reunion photos are lost before the cure can be coded.

Wow that’s depressing, what CAN be done?

  1. Periodically make a copy of your files on an external device (flash drive, external hard drive) that is not always attached to the computer. It might not be as current as your always on backup device but when the bytes hit the fan, it’s better than nothing.
  2. There is a chance, and I mean a slight chance, very slight, that your computer’s Volume Shadow Copy service could be tapped into and some files recovered. I’ll spare you the technical details but the smart folks over at www.shadowexplorer.com have come up with a handy free utility that lets you browse potential shadow copies of your data and possibly restore them. Again, very slight chance but hey, nothing to lose by trying.
  3. An ounce of prevention means don’t click on links in emails unless you are 120% sure they are legit.
  4. If you do get this bug, don’t pay the ransom, in the end that’s what fuels this sort of thing. They wouldn’t do it if it didn’t make them money.
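The two tells the post describes, files that keep their names but no longer open, and an identical ransom note text file dropped into folder after folder, are something a backup drive or a mapped network share can be checked for before you trust its contents. The script below is an added example written for this post, not a tool from the original article or from shadowexplorer.com. It walks a folder, compares each document's leading bytes against the well-known signature for its extension (a small hand-picked table here; a real scanner would use something like libmagic), counts small .txt files whose contents repeat across folders, and flags the tree when either signal is strong. The folder layout and file contents in `demo()` are constructed sample data, and the threshold values are assumptions you would tune for your own shares.

```python
import tempfile
from collections import Counter
from pathlib import Path

# Well-known leading bytes for common document types. The table itself is an
# assumption for this example; production scanners use a fuller database.
MAGIC = {
    ".pdf": (b"%PDF",),
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}


def header_mismatch(path: Path) -> bool:
    """True when the extension is known but the file's first bytes don't fit it."""
    sigs = MAGIC.get(path.suffix.lower())
    if sigs is None:
        return False
    with path.open("rb") as fh:
        head = fh.read(max(len(s) for s in sigs))
    return not any(head.startswith(s) for s in sigs)


def scan_tree(root, mismatch_ratio=0.5, note_min_copies=3):
    """Scan a folder for the two symptoms the post describes.

    mismatch_ratio: fraction of known-type files with a wrong header that is
                    enough to flag the tree (assumed threshold).
    note_min_copies: how many identical small .txt files count as a dropped
                     ransom note (assumed threshold).
    """
    root = Path(root)
    checked = 0
    mismatched = []
    note_texts = Counter()  # contents of small .txt files -> number of copies
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        suffix = path.suffix.lower()
        if suffix == ".txt" and path.stat().st_size < 4096:
            note_texts[path.read_bytes()] += 1
        elif suffix in MAGIC:
            checked += 1
            if header_mismatch(path):
                mismatched.append(path.relative_to(root).as_posix())
    ratio = len(mismatched) / checked if checked else 0.0
    repeated = sum(1 for n in note_texts.values() if n >= note_min_copies)
    return {
        "checked": checked,
        "mismatched": sorted(mismatched),
        "mismatch_ratio": ratio,
        "repeated_note_texts": repeated,
        "suspicious": ratio >= mismatch_ratio or repeated > 0,
    }


# Constructed placeholder for "scrambled" file contents; not real ciphertext.
SCRAMBLED = bytes(i ^ 0xA5 for i in range(64))
NOTE = b"Your files have been encrypted. Pay to receive the key.\n"  # constructed


def demo():
    """Build one healthy folder and one that looks like the post's victim, scan both."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp) / "clean"
        hit = Path(tmp) / "hit"
        for d in (clean, hit / "a", hit / "b"):
            d.mkdir(parents=True)

        # Healthy share: headers match, one ordinary text file.
        (clean / "report.pdf").write_bytes(b"%PDF-1.4\n%constructed sample\n")
        (clean / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 32)
        (clean / "notes.txt").write_bytes(b"grocery list\n")

        # Victim share: same names, wrong headers, same note in every folder.
        for name in ("report.pdf", "sheet.xlsx", "photo.jpg"):
            (hit / name).write_bytes(SCRAMBLED)
        for d in (hit, hit / "a", hit / "b"):
            (d / "DECRYPT_INSTRUCTIONS.txt").write_bytes(NOTE)

        return {"clean": scan_tree(clean), "hit": scan_tree(hit)}


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

Run it against a mounted backup drive or a mapped share by calling `scan_tree("Z:/")` and acting on the `suspicious` flag; a high mismatch ratio on a share you did not touch is the point at which to disconnect it and stop the machine that mounted it, not to keep copying files onto it.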

So there we have it, a breakdown of what I think is the baddest-est bug to come down the pipe in a very long time, if not the worst because of how it now crawls into external devices and leaks into mapped network drives (an all nighter for the I.T. department, and I don’t mean a Dr. Who marathon).

So when you start seeing Target running Christmas commercials this October, and when the flurry of Amazon order confirmations start flying, take pause, there is no such thing as digital Purell.