SMART Blog

Important information about CryptoLocker virus!

As many of you know first-hand, virus and malware infections are an annoying and painful part of computer use in this day and age.  Because there are so many infections floating around the internet, and due to the wide variety of infection types, we usually don't send out messages like this one targeting a specific type of infection.  Even the recent "FBI" virus did not warrant an alert, since those infections are simple to remove.  However, the new CryptoLocker infection does warrant an alert, which is why we are writing to you today.

What it is:

CryptoLocker is a very destructive infection that enters your computer either via an email attachment or by using existing infections on your computer as a gateway.  The worst "normal" infections result in a computer having to be formatted and all software reinstalled, but we can almost always rescue important data.  In the case of CryptoLocker, the infection ENCRYPTS all of the data on your computer, effectively destroying all stored data including but not limited to:

 

   - Word files
   - Excel files
   - Pictures
   - Music
   - Movies
   - Quickbooks files
   - PDFs
   - All other data types

 

At the time of this writing, the data encrypted by CryptoLocker is NOT RECOVERABLE.  The data is held for ransom, with some reports putting the amount at $300. It is unknown whether paying the ransom will recover the data, but security analysts note that it almost definitely will not.  Once the infection kicks in fully, the data is not currently recoverable. It is important to note that CryptoLocker can infect both workstations and servers.

If you are a SMART IT Services, Inc. customer on any of the proactive SMART Services support plans (Platinum, Gold or Silver), we have installed the known blockers for this virus on your systems and are continuing to take proactive measures to block CryptoLocker for you. That said, your staff should still follow the preventative measures below, as these types of viruses morph and adapt, learning how to bypass defensive measures very quickly.

 

Preventative measures:

A. ALWAYS exercise caution with email.  Do NOT download any files from an email unless you are absolutely certain what it is, and that you know where it is coming from.  Even emails that appear to come from people you know may harbor infections - if the text of the email looks fishy, or if there is no text and only a file attachment, the person's email account may be compromised, and any attachment files may be infections.

B. If ANY of the following are true, you may already have a malware infection:

          1.    You KNOW or THINK that your computer has infections
          2.    Your computer is slowing down for unknown reasons
          3.    You see that software has been installed that you do not recognize or that you yourself did not install
          4.    You receive popups, either while browsing the web or in general
          5.    You type in a web address and you are suddenly diverted to another web page or site
          6.    You notice other strange things that do not fit the above descriptions

 If this is the case, DO NOT WAIT TO CALL US!  Any amount of time spent working on an infected computer could result in additional infections inhabiting the machine and other machines on your network, which in turn could result in a CryptoLocker infection.
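For whoever administers the mailbox, the warning sign from measure A ("no text and only a file attachment") can be checked automatically. The sketch below is an added example, not part of the original advisory; the function names, addresses and sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage


def triage(raw: bytes) -> dict:
    """Flag a message that carries an attachment but no readable body text."""
    msg = message_from_bytes(raw, policy=policy.default)
    attachments, body_chars = [], 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.is_attachment() or part.get_filename():
            attachments.append(part.get_filename() or "(unnamed)")
        elif part.get_content_maintype() == "text":
            text = part.get_content()
            if part.get_content_subtype() == "html":
                text = re.sub(r"<[^>]+>", " ", text)  # crude tag strip
            body_chars += len(text.strip())
    return {
        "sender": str(msg["From"]),
        "attachments": attachments,
        "body_chars": body_chars,
        # Measure A's warning sign: attachment present, no text at all.
        "suspicious": bool(attachments) and body_chars == 0,
    }


def build_sample(body: str, attachment_name: str = "") -> bytes:
    """Constructed test message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"] = "colleague@example.com"
    m["To"] = "you@example.com"
    m["Subject"] = "Invoice"
    m.set_content(body)
    if attachment_name:
        m.add_attachment(b"constructed placeholder bytes",
                         maintype="application", subtype="octet-stream",
                         filename=attachment_name)
    return m.as_bytes()


if __name__ == "__main__":
    for raw in (build_sample("\n", "invoice.zip"),
                build_sample("Hi, the Q3 invoice we discussed is attached.", "invoice.pdf"),
                build_sample("Lunch on Friday?")):
        r = triage(raw)
        print("HOLD FOR REVIEW" if r["suspicious"] else "ok", r["attachments"])
```

A message that passes this check can still be malicious; it only catches the empty-body case, not text that "looks fishy".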


If you think you have infections:

  1. UNPLUG your Ethernet cable from the back of your computer - the encryption process RELIES on an internet connection in order to acquire an encryption key, so a lack of internet access cripples the infection's ability to fully operate
  2. If you don't know what the Ethernet cable looks like and nobody at your place of work knows either, close all of your programs quickly and then HOLD IN THE POWER BUTTON on your computer until the screen goes black - shutting down normally could embed the infection!
  3. CALL US RIGHT AWAY - do not attempt to continue working on your computer - the longer you wait, the easier it is for infections to embed.

Some notes:

If you do end up with a CryptoLocker infection, the best thing to do is to turn off your computer and do not turn it back on.  We can examine your hard drive on-site or in-house to see if the data has been encrypted or not, and if not we can perform a data rescue operation.  We are hopeful that the anti-virus community will come up with a solution to this problem in the near future, which we will be able to implement as needed.

Malware and virus prevention requires many things to be working in unison - your computer needs to have the latest security patches, your antivirus program needs to be installed and up to date, and you need to follow safe browsing and email practices.  If Windows Update asks you to install updates, please do not put it off - these updates will increase the security of your computer.

Finally, we should note that Windows XP computers are currently the most vulnerable of all computers for malware and virus infection.  The reason for this is two-fold:

 

  1. Windows XP has been around for more than 12 years now, and is compromised more easily than newer systems just due to age and the familiarity of infection writers with the system.
  2. Windows XP support is being discontinued by Microsoft - this means that security patches will no longer be produced for Windows XP, making it an even easier target for infection.

 

Please give us a call or send an email if you have any questions, and PLEASE GET IN TOUCH RIGHT AWAY if you think you have infections.  Please be vigilant, and hopefully you will not have to deal with CryptoLocker. 
