CryptoLocker virus on the rise. 10/09/2013

If you are taking the time to read this blog, you may want to invest some time in making backups of important files. It is even suggested that the files be backed up to media like DVD/CD-ROMs to prevent modification. At the time of this writing we are working on the removal of a virus from a customer's machine, and all the files have been encrypted.

From internet research it appears that starting around mid-September this virus has become more common and is creating problems for many victims on the internet. Removal appears to be easy, but restoring the damaged files is not so easy.


In some of the posts on the internet they do say that paying the fee does get a decryption key, but it is not very encouraging to have to pay someone for something you did not want or buy.

Unfortunately, the list of file types that this virus may encrypt is long: .ddrw, .pptm, .dotm, .xltx, .text, .docm, .djvu, .potx, .jpeg, .pptx, .sldm, .lnk, .txt, .xlsm, .sldx, .xlsb, .ppam, .xlsx, .ppsm, .ppsx, .docx, .odp, .eml, .ods, .dot, .php, .xla, .pas, .gif, .mpg, .ppt, .bkf, .sda, .mdf, .ico, .dwg, .mbx, .sfx, .mdb, .zip, and .xlt. When encrypting these files, the infection will rename them as HTML files. If you attempt to open one of these files, your web browser will open and show you a picture of the lock screen that states that the file is encrypted.

Based on information from BleepingComputer.com, the sources of the infection are usually:

CryptoLocker currently has three infection vectors:

  • This infection was originally spread via emails sent to company email addresses that pretend to be customer-support-related issues from Fedex, UPS, DHS, etc. These emails would contain an attachment that, when opened, would infect the computer.
  • Via exploit kits located on hacked web sites that exploit vulnerabilities on your computer to install the infection.
  • Through Trojans that pretend to be programs required to view online videos. These are typically encountered through Porn sites.

The post at Bleepingcomputer.com goes on to suggest that software restriction policies could be added to prevent programs from executing that are loaded in the user's %appdata% area, and they explain how to add them to the policy.
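The following is an added example (not code from the original post or from BleepingComputer.com) of creating those Software Restriction Policy path rules on a single machine with PowerShell. It writes the Safer registry keys that the Local Security Policy editor would write, assumes an elevated prompt, and only covers the two %AppData% patterns; which additional paths to block is the administrator's call.

```powershell
# Added example: mark executables under %AppData% as Disallowed via Software
# Restriction Policy (SRP) registry keys. Run from an elevated PowerShell prompt.
$safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Policy-wide settings: default level Unrestricted (0x40000), enforcement on,
# apply to all users, no certificate (Authenticode) checking.
New-Item -Path $safer -Force | Out-Null
Set-ItemProperty -Path $safer -Name 'DefaultLevel'        -Value 0x40000 -Type DWord
Set-ItemProperty -Path $safer -Name 'TransparentEnabled'  -Value 1       -Type DWord
Set-ItemProperty -Path $safer -Name 'PolicyScope'         -Value 0       -Type DWord
Set-ItemProperty -Path $safer -Name 'AuthenticodeEnabled' -Value 0       -Type DWord

# Path rules are stored under the security level they enforce; 0 = Disallowed.
$disallowedPaths = Join-Path $safer '0\Paths'

# The two %AppData% patterns: executables directly in AppData and one level down.
$rules = @(
    @{ Path = '%AppData%\*.exe';   Description = 'Block executables directly in AppData' },
    @{ Path = '%AppData%\*\*.exe'; Description = 'Block executables in AppData subfolders' }
)

foreach ($rule in $rules) {
    # Each rule is a GUID-named subkey, exactly as secpol.msc creates them.
    $key = Join-Path $disallowedPaths ([guid]::NewGuid().ToString('B'))
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name 'ItemData'     -Value $rule.Path        -Type ExpandString
    Set-ItemProperty -Path $key -Name 'Description'  -Value $rule.Description -Type String
    Set-ItemProperty -Path $key -Name 'SaferFlags'   -Value 0                 -Type DWord
    Set-ItemProperty -Path $key -Name 'LastModified' -Value (Get-Date).ToFileTime() -Type QWord
    Write-Host "Added Disallowed rule: $($rule.Path)"
}

# Show what is now in place so the change can be checked before a refresh.
Get-ChildItem -Path $disallowedPaths |
    ForEach-Object { (Get-ItemProperty -Path $_.PSPath).ItemData }

# Apply without waiting for the next policy refresh.
gpupdate /force
```

Some legitimate installers and updaters run from %AppData%, so test the rules with the software the users actually rely on; a blocked program shows up as an SRP event in the Application log, which is also a useful signal that something tried to run from there.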

We are experimenting with ways to get the data back for the customer, but most sources suggest restoring from backups, or from Volume Shadow Copy if it is turned on.

Hopefully some of this information will be useful in understanding the mode of infection. The takeaway from this should be to back up your files that are important. There is no good substitute for a backup method.

There are many good ways to practice backup management, and we have partnered as a reseller with Carbonite for home and business. Carbonite manages the backups of the most frequently backed up file types for home users; there are some limitations, so be sure to explore the features of the product. Carbonite also offers a robust solution for small and medium-sized businesses, including HIPAA compliance. See the Carbonite statement below:

If you are purchasing Carbonite from E2 Computers we will provide 1 remote session to assist in installing the Home versions. (Carbonite and Remote Support require reliable high speed internet access).

USING CARBONITE TO ASSIST WITH HIPAA COMPLIANCE

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rules apply to protected patient health information in electronic formats. This information must be protected with appropriate security measures to guard against unauthorized access during transmission over an electronic communication network.

Carbonite Business provides critical data security protection without compromising patient privacy and can assist customers with HIPAA compliance efforts:

  1. Offsite Backup for Disaster Recovery: Carbonite online backup is a key component in any disaster recovery plan as protection against hardware failure, theft, virus attack, deletion and natural disaster.
  2. Encryption: All customer data that is sent to Carbonite servers is encrypted before transit with 128-bit Blowfish encryption, then sent to Carbonite data centers using an SSL connection. While at the data centers, all backed up data remains encrypted.
  3. Secure Data Centers: Carbonite’s data centers are physically secure with protective measures that restrict personal access using biometric scanners, electronic key cards, and PIN codes. Additionally, the location is guarded by onsite security officers 24 hours a day, 365 days a year.
  4. Massachusetts Data Security Regulation (201 CMR 17): Carbonite is compliant with the Massachusetts Data Security Regulation, widely considered the most stringent data protection statute in the nation because it prescribes actions for disclosing security breaches as well as robust prevention measures. All Carbonite customers, regardless of where they live, get the benefit of Carbonite’s compliance with the Massachusetts Data Security Regulation.
  5. Business Associates: As a Business Associate, Carbonite supports your compliance with HIPAA regulations and can provide you with a Business Associate Agreement.

For more information on using Carbonite to remain in compliance with government regulations, including HIPAA, please contact your Carbonite Authorized Reseller.


© Copyright 2013 Carbonite, Inc. All rights reserved. www.carbonite.com


Support tips and advice presented by the techs at E2 Computers in Tarpon Springs and on the web at www.end2endsupport.com.

Copyright 2014 Simply Reliable Solutions, llc and E2 Computers.
