Serious new infection

Don’t fancy losing every single document and photograph? Read on…

For some time now reports have been circulating on the internet and, recently, in newspapers and on the TV news, of an infection that encrypts every file on your PC and will not allow you to view them until you pay the virus-writer a sum of money (currently between £300 and £800).

One unfortunate customer of ours has just fallen foul of this, and lost more than 3500 business documents and personal photos. More than ever, be very cautious.

The advice on our virus removal page is a good start – don’t open an attachment unless you’re absolutely certain that it’s genuine and that it’s from a reputable source. This one arrived in an email purporting to be a Vodafone bill. It looked very convincing but instead of linking to the accounts section of the Vodafone website, it claimed that the bill was attached. Opening the attachment started a program running in the background which began silently altering every file, so that they could not be opened without a secret key. After a while, a message popped up demanding payment but, by that stage, the damage had already been done.

Once the files have been encrypted, there is nothing that can be done to recover them: the methods used would stump GCHQ and the NSA (probably…) and each file has a different password so that, even if you somehow guessed one (a feat which would take a couple of billion years of continuous guessing), all of the others would remain unreadable.

To add to the fun, it’s believed that the malicious program can erase files on other devices on a PC network, and on backup drives attached to PCs.

It is now even more important to take a backup of every important document/picture/song on your computer. Previously, it has been possible in Windows to schedule a backup using the built-in Windows backup software, and automatically back everything up to an attached disk or memory stick every week or whenever you choose. But, as this malware has the ability to wipe backups as well, it’s probably better to keep your backup drive unplugged, plugging it in only when you actually intend to take a backup.

We aren’t miracle workers – if you are fooled into installing this trojan, we won’t be able to recover your files. We can at least attach your disk to another PC and remove the infection, as well as recovering any not-yet-encrypted files. The best advice if you get infected is to turn off the PC immediately and give us a ring (other PC support companies are also available…). But it needs everyone to be vigilant and not to open any unexpected attachments or anything where the message doesn’t sound like it comes from the person who appears to have sent it. I recently had an email from a customer that began “Hey friend!”. It went straight in the bin.

Please be careful.

