A friend of mine was recently hit with the new variant called the CryptoLocker virus. Apparently, it’s quite a nasty virus and encrypts all your documents and other important data that you may need access to on a daily basis. It’s classified as ransomware, where the creator of the virus wants you to send them a certain amount of money to decrypt viruses.
So, I just thought it’s a good opportunity to remind us all to make sure we always have a secondary backup some place. Preferably unattached from the computer, because the virus scans the entire system and attached peripherals, including network drives, and will encrypt a whole host of common extensions.
Good backup solutions:
Cloud
Localized Backup on an External Hard Drive
Stay safe friends! Keep your computers backed up as frequently as possible, and ensure that your antivirus solutions are always up to date.
Re: CryptoLocker/The importance of having a Backup
I have a question about manual removal of CryptoLocker.
Will it let me open the Local Security Policy editor if my system is infected with this virus?
Win7 AppLocker is also a good option. Googling the virus, I also found that data is not encrypted in all cases; infected files can be located by logging in to Safe Mode with Command Prompt, opening msconfig and checking the Startup tab.
Lots of useful info is available from the link posted by admin.
Re: CryptoLocker/The importance of having a Backup
No idea on that, bro. Could test it on a dummy PC. I think the script is meant to just lock down the created data, for its value to the user. Not sure if system files are also barred.
I’m going to attempt to do a System Restore point on the infected computer. The virus has already been removed, but the Word documents are still encrypted (gibberish when you open them). Also, Shadow Explorer (as mentioned in the article) might be an option to explore, to see if that works. Will repost Monday after I’ve tried it to see if it helped at all.
Re: CryptoLocker/The importance of having a Backup
CryptoLocker encrypts data files (documents, images, media, etc.). When your computer gets infected, the encryption happens in the background. Once all the data is encrypted, it deletes the encryption key and then shows the splash screen informing the user that the data is locked up. At that point you can either pay up or restore from backup (used to be $300, now they're asking 2 bitcoins, approx. $2000).
The computer should work if you know how to get past the splash screen. But without the encryption key you can't get to the data. :)
Use a proper, version-based backup for proper backup, or use a Mac, as this thing is Windows-based.