Question: I’ve been infected with the CryptoWall virus that’s locked me out of my own files. They are demanding $750 to give me my files back. Is there any other way to unlock my files?
Answer: CryptoWall is the most recent iteration of what is known as “ransomware” and it’s basically impossible to defeat once your files are infected.
Ransomware has actually been around since the late ’80s, but last year we saw a huge increase in attacks by CryptoLocker, which generated an estimated $30 million in ransom payments in a three-month stretch.
Once the virus sneaks its way into your computer or business network, it silently encrypts all your data files with 2048-bit RSA encryption. For all intents and purposes, this level of encryption is considered unbreakable in a reasonable amount of time (estimates are that by 2030 the key may be generally crackable).
Unless you have an uninfected backup, your only choices are to pay the ransom or recreate your data from scratch. At present, you have 120 hours from the first time you access the site to pay the ransom via Bitcoin or the price doubles.
Any backup drive that was attached to the computer and assigned a drive letter when the attack occurred will also be encrypted and useless to you.
Small businesses are even more exposed to this threat, because any one employee can cause the data for the entire company to get locked down, depending upon how things are set up.
Most people assume that if they steer clear of shady websites and don’t open file attachments in email, they’re relatively safe ... not so!
The most common attack vectors for the current threats include the traditional infected email attachment that appears to be from the company you work for and fake security updates, but a few new methods are also being used.
Some people are being infected because they got what appeared to be a voice message or fax transmission via Dropbox, a very popular file sharing service.
Others are being attacked by infected ads on legitimate sites, also known as “malvertising” (malicious advertising).
Many legitimate companies that sell advertising on their sites have been found to be serving up rigged ads without knowing it.
In some cases, it’s not even necessary to click on the ad to be attacked, as sophisticated “drive-by downloads” have been used to exploit security holes in common utilities.
Adobe’s Flash, Oracle’s Java and Microsoft’s Silverlight, which are all technologies used to display animation and motion on the web, are also often targeted by malvertising.
You’ve heard the tech community warn for years how important it is to keep all your software and utilities updated and here’s a clear reason why.
Protecting against ‘ransomware’
• Online backups. Since ransomware will continue to evolve and find ways to sidestep traditional anti-virus protection, you should assume that it’s a real threat. Using an automated online backup process that incorporates file versioning is the best way to avoid having to pay the ransom.
• Dual-protection antivirus software. We install a dual-protection security package, such as Trend Micro’s Titanium security package, for our customers. Unlike free programs or other less sophisticated packages, Trend has real-time cloud-based detection that protects you against newly discovered threats as they occur and can alert you to a site that has potentially malicious code hidden on it.
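The file-versioning point under “Online backups” above, as an added Python example (not from the column or from any backup product): a backup store that only ever adds versions, so a file overwritten with encrypted data becomes one more version while the earlier copy stays restorable. The function names and the blobs/index.json store layout are assumptions made for this illustration.

```python
import hashlib
import json
import shutil
import time
from pathlib import Path

# Assumed layout for this example: <store>/blobs/<sha256> holds file contents,
# <store>/index.json maps each relative path to its list of versions.


def _digest(path: Path) -> str:
    """SHA-256 of a file's contents, read in 1 MiB chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def backup(source: Path, store: Path) -> int:
    """Add new or changed files to the store; old versions are never
    overwritten or deleted. Returns the number of versions written."""
    blobs = store / "blobs"
    blobs.mkdir(parents=True, exist_ok=True)
    index_file = store / "index.json"
    index = json.loads(index_file.read_text()) if index_file.exists() else {}
    written = 0
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source).as_posix()
        sha = _digest(path)
        versions = index.setdefault(rel, [])
        if versions and versions[-1]["sha256"] == sha:
            continue  # unchanged since the last run
        if not (blobs / sha).exists():
            shutil.copy2(path, blobs / sha)
        versions.append({"sha256": sha, "time": time.time()})
        written += 1
    index_file.write_text(json.dumps(index, indent=2))
    return written


def restore(store: Path, rel: str, dest: Path, version: int = -1) -> None:
    """Restore one version of a file: -1 is the newest, -2 the one before."""
    index = json.loads((store / "index.json").read_text())
    sha = index[rel][version]["sha256"]
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(store / "blobs" / sha, dest)
```

As the column notes for attached backup drives, the store only helps if it sits somewhere the infected computer cannot reach and overwrite.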
A free download that outlines in great detail what can be done to protect your data from ransomware is available at http://goo.gl/C4IlTt.
Ken Colburn is president of Data Doctors Computer Services and host of the Data Doctors Radio Program, noon Saturdays on KTAR 92.3 FM or at www.datadoctors.com/radio.