In September 2013, a new form of malicious software was spotted on computers running Windows. This software, known as ransomware, encrypts all files on a user’s computer (including external drives and network shared drives) that match the most commonly used file types, including photos and documents.

Upon infection, the ransomware (CryptoLocker) makes a list of all the files it will encrypt, encrypts them, then uploads the information needed to decrypt the files to a remote server belonging to the attacker. Once this is complete, a window is displayed alerting the user that their files are being held for ransom.

Currently, there is no known method to recover your files without paying a ransom (currently $300), other than restoring them from a backup or from a system restore with shadow copies, which lets you avoid paying the ransom.

This infection is typically spread by opening a file (most often an email attachment) from an attacker. It is usually disguised as an enticing file that appears to be a PDF, image or document. In reality, it is a malicious executable file.
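An added example, not part of the original post: a Python check of the kind a mail filter could apply to the disguise described above, flagging attachments whose name or declared type says PDF, image or document while the content is a Windows executable. The extension lists, function names and sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists for this example, not exhaustive.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"pdf", "jpg", "jpeg", "png", "gif", "doc", "docx", "xls", "xlsx"}
DECOY_TYPES = {"application/pdf", "application/msword"}

def inspect_attachment(filename, content_type, payload):
    """Return the reasons an attachment looks like a disguised executable."""
    reasons = []
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = filename.lower().rstrip(". ").split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension ." + ext)
        # invoice.pdf.exe: the decoy extension is the part the user notices.
        if len(parts) > 2 and parts[-2] in DECOY_EXTS:
            reasons.append("double extension ." + parts[-2] + "." + ext)
    # Windows executables start with the bytes "MZ" whatever the name claims.
    if payload[:2] == b"MZ":
        if ext not in EXECUTABLE_EXTS:
            reasons.append("PE header in a file named ." + ext)
        if content_type in DECOY_TYPES or content_type.startswith("image/"):
            reasons.append("PE header but declared as " + content_type)
    return reasons

def scan_message(raw):
    """Map each suspicious attachment name in a raw message to its reasons."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flagged = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        body = part.get_payload(decode=True) or b""
        found = inspect_attachment(name, part.get_content_type(), body)
        if found:
            flagged[name] = found
    return flagged

def build_sample():
    """Constructed message: two disguised executables and one genuine PDF."""
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60  # constructed stub, not a real program
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(fake_pe, maintype="application", subtype="pdf", filename="invoice.pdf.exe")
    msg.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application", subtype="pdf", filename="report.pdf")
    msg.add_attachment(fake_pe, maintype="image", subtype="jpeg", filename="photo.jpg")
    return msg.as_bytes()
```

Calling scan_message(build_sample()) flags invoice.pdf.exe and photo.jpg and leaves report.pdf alone.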

Your best option is to minimize the risk. With proper education and preventative measures, this infection can be avoided. NEVER open a file you are unsure of or that you receive from an unknown sender. If something doesn’t seem right, it probably isn’t. You didn’t win the lottery; your package with gold in it isn’t being held up at customs; your tax refund isn’t awaiting bank information. If an email doesn’t seem right, feel free to talk to your technology provider / support provider to get a second opinion. Banks, PayPal, Facebook and other reputable website operators will not ask for credentials through email. They generally do not send attachments in unsolicited email either.

EthernetGeeks has extensive experience and training on detection, removal, and preventative measures that will help mitigate the risk of infection. For more information, please contact us.