I am posting this blog post again for the simple fact that it has shown up in the news again. On November 28, 2016 the San Francisco transit system was hit by a ransomware attack. Read below for the original blog post on ransomware/encryption viruses.
There have been ransomware/encryption viruses spreading at an alarming rate, with an estimated half a million victims so far. We have seen it here personally, infecting many of our personal computer users and some of our business clients as well. It is called the Locky Virus (other names include CryptoLocker, among many others) and unfortunately, there is nothing that a user can really do to prevent the virus except be vigilant in their computer usage.
The Locky Virus is a ransomware-type virus; it encrypts all of your data with the aim of forcing you to pay to get your data back, usually in Bitcoin. I cannot stress this enough: DO NOT PAY. The Locky virus uses AES-128 "military grade" encryption, rendering your files unusable and inaccessible, and simply deleting the virus is not enough to get them back.
Based on what we have seen, the Locky virus arrives on your system via email, usually with a compressed folder attached. Often, the email references some receipt or invoice. Sometimes the email in question is spoofed, appearing to come from a reputable business or even someone in your contact list, leading the user to believe it is safe and legitimate. Opening the email and the compressed file themselves is not enough to allow the Locky virus access to your system. When you open the document inside the compressed folder, however, it will likely ask your permission to run some sort of executable or macro, which then installs the virus on your system or server.
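The delivery chain described above (archive attachment, Office document inside, macro or script that runs when the user agrees) can be screened for before the attachment ever reaches a user. The following is an added example, not code from the original post: it unpacks an attached ZIP in memory and flags members that are scripts or executables, or Office documents that carry a VBA project (the `vbaProject.bin` part in an Office Open XML file). The sample "invoice" archive is constructed inline so the script runs offline; the file names in it are made up for the demonstration.

```python
import io
import zipfile

# OOXML parts whose presence means the document carries VBA macros.
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
# File types that execute directly when double-clicked on Windows.
EXECUTABLE_EXTS = (".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".bat", ".cmd", ".ps1")
OFFICE_EXTS = (".docx", ".docm", ".dotm", ".xlsx", ".xlsm", ".xltm", ".pptx", ".pptm")
MAX_NESTING = 2  # archives inside archives are common in these lures; bound the recursion


def office_has_macros(data: bytes) -> bool:
    """True if an Office Open XML document contains a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as doc:
            names = set(doc.namelist())
    except zipfile.BadZipFile:
        return False  # legacy .doc/.xls (OLE2) or corrupt file; not handled here
    return any(part in names for part in MACRO_PARTS)


def triage_archive(archive_bytes: bytes, depth: int = 0) -> list:
    """Return (member_name, reason) findings for an attached ZIP archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            lower = name.lower()
            if lower.endswith(EXECUTABLE_EXTS):
                findings.append((name, "executable or script inside archive"))
            elif lower.endswith(OFFICE_EXTS):
                if office_has_macros(zf.read(info)):
                    findings.append((name, "Office document contains VBA macros"))
            elif lower.endswith(".zip") and depth < MAX_NESTING:
                nested = triage_archive(zf.read(info), depth + 1)
                findings.extend((f"{name}/{inner}", reason) for inner, reason in nested)
    return findings


def build_sample_attachment() -> bytes:
    """Constructed sample archive resembling the 'receipt' lures described in the post."""
    def ooxml(parts):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as doc:
            doc.writestr("[Content_Types].xml", "<Types/>")
            for part in parts:
                doc.writestr(part, b"\x00")  # placeholder bytes, not a real VBA project
        return buf.getvalue()

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2016.docm", ooxml(["word/document.xml", "word/vbaProject.bin"]))
        zf.writestr("Receipt.docx", ooxml(["word/document.xml"]))
        zf.writestr("Invoice_details.pdf.js", "// constructed script placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in triage_archive(build_sample_attachment()):
        print(f"FLAG {member}: {reason}")
```

A mail gateway or help-desk script can quarantine any attachment with a non-empty finding list; the plain `Receipt.docx` without a VBA project passes, which keeps ordinary business documents flowing while the macro-bearing and double-extension members are held for review.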
That is when the work begins. The virus, having been downloaded to your system, begins its work in relative secrecy, slowly encrypting your data without your knowledge. There are signs, though. Your system may be running unusually slowly; programs may take significantly longer to open or execute. One thing about the Locky virus is that it hogs your computer's resources: your CPU and memory will display signs of exertion. If you look in your computer's Task Manager, under Performance, and see a program or service that is taking a lot of your computer's resources (sometimes masked as a Microsoft program or service), it is best to immediately end that process and delete any files that may be associated with it. Eventually, if you do not realize you are infected or otherwise fail to prevent the spread, you will realize you have become a victim of the Locky virus.
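The CPU and memory load described above is a side effect of the real activity, which is files being rewritten as ciphertext. Encrypted data has near-maximal byte entropy, so a second sign, which a script can watch for, is ordinary documents in a folder suddenly turning into high-entropy blobs. The example below is added here and is not from the original post; it generalizes the "signs of infection" point by taking an entropy snapshot of a directory and reporting files that crossed from low to high entropy between two scans. Comparing against a baseline is what keeps legitimately high-entropy files (photos, ZIPs) from being flagged. The directory contents and the "encryption" step are constructed with random bytes purely to demonstrate the detector.

```python
import math
import os
import tempfile
from collections import Counter

SAMPLE_BYTES = 65536        # read only the head of large files
HIGH_ENTROPY = 7.5          # bits/byte; English text is ~4-5, ciphertext ~7.99


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the given data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_snapshot(directory: str) -> dict:
    """Map each file (relative path) under directory to the entropy of its head."""
    snapshot = {}
    for root, _dirs, names in os.walk(directory):
        for name in names:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                snapshot[os.path.relpath(path, directory)] = shannon_entropy(fh.read(SAMPLE_BYTES))
    return snapshot


def newly_high_entropy(before: dict, after: dict, threshold: float = HIGH_ENTROPY) -> list:
    """Files that were readable (low entropy) in 'before' and look encrypted in 'after'."""
    return sorted(path for path, ent in after.items()
                  if ent >= threshold and before.get(path, 0.0) < threshold)


def ransomware_suspected(before: dict, after: dict, min_fraction: float = 0.25) -> bool:
    """Alert when a sizeable share of previously readable files became high entropy."""
    readable_before = [p for p, e in before.items() if e < HIGH_ENTROPY]
    if not readable_before:
        return False
    return len(newly_high_entropy(before, after)) / len(readable_before) >= min_fraction


def simulate_detection() -> list:
    """Constructed scenario: three documents and one photo, then two documents get 'encrypted'."""
    text = b"Quarterly invoice summary for the client, please review and reply.\n" * 100
    with tempfile.TemporaryDirectory() as workdir:
        for name in ("letter.txt", "notes.txt", "report.txt"):
            with open(os.path.join(workdir, name), "wb") as fh:
                fh.write(text)
        with open(os.path.join(workdir, "photo.jpg"), "wb") as fh:
            fh.write(os.urandom(8192))       # stands in for an already-compressed image
        before = entropy_snapshot(workdir)

        # Simulated encryption: overwrite two documents with random bytes (constructed, no real cipher).
        for name in ("letter.txt", "notes.txt"):
            with open(os.path.join(workdir, name), "wb") as fh:
                fh.write(os.urandom(len(text)))
        after = entropy_snapshot(workdir)

        flagged = newly_high_entropy(before, after)
        if ransomware_suspected(before, after):
            print("ALERT: files turning into ciphertext:", flagged)
        return flagged


if __name__ == "__main__":
    simulate_detection()
```

Run periodically against a shared folder, this gives an early signal well before every file is gone; the photo stays unflagged because it was already high entropy at baseline, which is the caveat any entropy-only check has to handle.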
As I mentioned earlier, there is not much you can do to prevent a ransomware attack on your system. The best thing you can do is be extra vigilant when opening programs and emails that you are not 100% certain are safe. If you get an email with a compressed folder attached, even if it is from someone you know, I strongly suggest you DO NOT open it. If you do open a document, for example a Word document, and it asks you to enable macros, again, I suggest you don't, and immediately exit that program. Additionally, and I cannot stress this enough, create a backup of your system and important documents, and back up your backup. Keep at least one backup that is not online. The cloud is great and convenient but can be more susceptible to infection than an offline backup.