TopTop

How Cryptowall Can Destroy Your Data in Seconds

cryptowall and what you need to know

Whether you run a business or own a personal computer, Cryptowall ransomware can destroy the computer files you rely on every day, with just one click of your mouse.  If you have been following us on our website, through our social media or in our newsletters, you have undoubtedly heard about Cryptowall.  Formerly known as CryptoLocker, it is a Trojan horse that encrypts the files on your computer, rendering them useless until you pay a great deal of money for a decryption key from the virus-makers.

What We Are Seeing

As an IT company we have seen firsthand the devastation this “ransomware” can cause. In October 2014, I wrote another article on Cryptowall called, How to Protect Your Computer against CryptoLocker.  I won’t bore you with the same technical details again. Instead, I want to share with you what we are seeing as an IT company here in Midcoast Maine, in the hopes that with more insight into this ever-present threat, it will help to protect you and your data from becoming compromised.

Cryptowall is affecting computer users at a staggering rate.  It lurks on websites throughout the web, waiting for you to visit the site, then downloads itself unknowingly, called a drive-by download.  It comes in the form of an email attachment, that a good-meaning recipient tries to open.  Lately, these crooks have even found a way to implant it into trusted ad sites, without their knowledge or approval. (see Malvertising – PC World)

Just one click on the wrong website, ad or email, and your computer files are encrypted – essentially destroyed – because without the encryption key (that you have to pay the bad guys in order to get) there’s nothing you can do to get those files back. Even if you do try to work with the Cryptowall thieves, there is only a 50% chance they will send you the encryption key after you pay their hefty fee.

Our IT HelpDesk technicians always know what has happened when they hear a caller say, “My files are all encrypted and I don’t know why.” At this point, they know that the caller could be in danger of having lost it all and that there are only two options:

Option 1: Contact the Cryptowall hackers

The hackers will tell you how much it will cost for the decryption key, but they may or may not actually send that key once payment is made. It is an expensive risk, to say the least.  Here is an excerpt of an email converstation that one Midcoast Maine business owner recently had with the hackers:

Hi, your ID = DKVxxxx

All important files were encoded with RSA-1024 encryption algorithm.
There is the only way to restore them – purchase the unique unlock code.

Warning! Any attempt to recovering files without our “Special program” will cause data damage or complete data loss.
As we receive your payment, we will send special program and your unique code to unlock your system.

Guarantee: You can send one of the encrypted file by email and we decode it for free as proof of our abilities.

No sense to contact the police. Your payment must be made to the e-wallet. It’s impossible to trace.
Don`t waste your and our time.

So, if you are ready to pay for recovering your files, please reply this email

Then we will send payment instructions.

Then, the business owner received the following:

price for your ID is 500$  + gift  , I will tell how never get similar viruses

If you agree we will send payment details.

for test , I can open some file, if you want, like a proof of decryption

I don’t know about you, but neither email gives the warm and fuzzy reassurance that the hackers will do what they are promising to do. They are, after all, crooks & thieves preying on hard-working people, like you and me. Not only are they requesting a large sum of money, they actually want you to send a gratuity on top of it.

Average cost: $500 plus tip

Option 2: Restore Your Data from a Backup

The only way to get your files back without having to pay the ransom, is to have a reliable backup of your files. By backing up your data on a regular basis, you can simply restore the files that have been encrypted and be back on track with your business or personal information in a matter of minutes.

Business owners should invest in a solid backup solution that runs automatically and is stored off-site. Many businesses today are opting for cloud solutions, such as Zinc Online Backup.  Prices are based on the amount of data being backed up and include monitoring by an IT professional, to ensure the backup is completing successfully.  If a backup fails, the tech is alerted automatically and can remedy the issue that is causing it to fail. This method ensures your mission-critical data files are safe & ready whenever you need them.

Technically savvy, personal computer users can opt for a free online backup solution.  However, it’s a do-it-yourself option that puts the burden of monitoring, management & testing on you as the user, so use it at your own risk.

Average Cost: Free or $4/GB of data 

Data Backups are Critical.

There are many different solutions we recommend when securing your computer against online threats, such as Microsoft’s Security Essentials, up-to-date anti-virus solutions and Malwarebytes, to name a few. Unfortunately, none of those items will help if your files are encrypted by Cryptowall. The first and only line of defense when it comes to Cryptowall is having a reliable backup. As a matter of fact, having a reliable backup is critical for a number of disaster recovery reasons and should be a top priority for every person, every business.

Not only should you have a reliable backup solution in place, the backup should be tested regularly to ensure the data can be restored when needed.  Too often we have seen people who thought they had a backup only to find out that it was corrupt or not usable.

Conclusion

Once your backup is in place, don’t forget to practice common-sense browsing. Stay away from untrusted websites (gambling sites, coupon sites, gaming sites and more) and teach your co-workers, employees, friends & family to do the same. Businesses may also look into installing business-class firewalls that allow for web-content filtering, a topic we will be covering in much greater detail in the days to come.

As with any computer or IT network issue, the technicians at Burgess Computer are always here to help. If your files have been encrypted by Cryptolocker, contact our HelpDesk right away by calling (207) 443-9554.

Posted in

Mike Dorr, President

Mike began as a Burgess network engineer in 1998. He later spent 3 years as Five County Credit Union’s Director of IT before returning as an owner in 2006. He lives in Bath with his wife and children and is an active member of Big Brothers Big Sisters.

Reader Interactions

Comments

  1. Good article and sensible advice but back-ups won’t provide protection if the presence of the malware remains unknown for longer than the back-up cycle. Thus is because, by then, the encrypted files will have been cascaded throughout all back-up series. Most businesses (especially government organisations) will only keep archival back-ups for a month or so: malware that goes undetected in the archival ‘window’ will therefore succeed in destroying any possibility of full data recovery.

    Best Regards

    Steve

    • Thank you for your feedback, Steve! It’s a great point. If the malware goes undetected and becomes part of the backup set, there isn’t much recourse they could take. Hopefully, with an adequate, up-to-date anti-virus solution in place, the managers responsible for the network would know fairly quickly that there was an issue and avoid it all together.

Trackbacks

Leave a Reply

Your email address will not be published.