Crypto Viruses are probably the one thing among the nasties that scares me. Once they take hold there’s basically nothing we as computer professionals can do for you, especially if you are a business and not taking snapshotted or versioned backups.
For those not in the know, a Crypto Virus will infect a computer, or even a network, SAN or storage arrays, and encrypt the contents. Often you are given a time limit to pay for an unlock key, and if you don’t, that’s it – we probably cannot recover your precious files or images, as they are now very strongly encrypted and it would take the most massive supercomputers ages to crack the encryption key – something most people don’t have access to.
There are some steps you can take:
- Take a “cold” backup every so often. This means making a full backup to something like a USB drive, then disconnecting it from the computer and storing it safely.
- Do not open any email whatsoever, even if it is from someone you know, with any kind of strange attachment or link. Don’t follow the link.
- Businesses should consider standing behind OpenDNS; they block the ports Cryptos use to talk back to the botnets to get the encryption keys.
- Turn snapshotting on for your OS. You’ll have to look up how to do this for your specific OS.
- Consider a service like CrashPlan, Carbonite or any other that keeps versions. That way you can restore a version of the system without the Crypto.
- Watch out for emails with obvious spelling mistakes. It’s often a sign of a scam, and the email could contain a Crypto.
- Consider installing the paid version of Malwarebytes, not the free one, so you get real-time website and nasty monitoring. It will warn of any malicious website before it hits your computer. I personally use this.
- Finally, watch out, as these are starting to appear as text messages and iMessages.
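An added example, not part of the original post: a Python script illustrating the cold-backup and versioned-backup tips above. Each run writes a new version directory that is never overwritten, so an earlier version stays restorable even if a later run copies encrypted files. The function names and the `manifest.json` layout are assumptions made for this example.

```python
import hashlib, json, shutil, sys, time
from pathlib import Path
from typing import Optional

def manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def snapshot(source: Path, backup_root: Path, label: Optional[str] = None) -> Path:
    """Copy source into a new version directory; refuse to overwrite an old one."""
    label = label or time.strftime("%Y%m%d-%H%M%S")
    dest = backup_root / label
    shutil.copytree(source, dest / "data")  # raises if this version already exists
    (dest / "manifest.json").write_text(json.dumps(manifest(source), indent=2))
    return dest

def verify(version: Path) -> bool:
    """Check that the stored copy still matches the manifest written at backup time."""
    recorded = json.loads((version / "manifest.json").read_text())
    return recorded == manifest(version / "data")

def changed_fraction(older: Path, newer: Path) -> float:
    """Fraction of files in the older version that are altered or missing in the newer."""
    old = json.loads((older / "manifest.json").read_text())
    new = json.loads((newer / "manifest.json").read_text())
    if not old:
        return 0.0
    return sum(1 for name, digest in old.items() if new.get(name) != digest) / len(old)

def restore(version: Path, target: Path) -> None:
    """Restore a chosen version into a new target directory after verifying it."""
    if not verify(version):
        raise ValueError(f"{version} does not match its manifest")
    shutil.copytree(version / "data", target)

if __name__ == "__main__":
    # Usage: python backup.py <folder to protect> <mounted backup drive folder>
    print(snapshot(Path(sys.argv[1]), Path(sys.argv[2])))
```

A `changed_fraction` close to 1.0 between two consecutive versions means nearly every file changed at once, which is a good reason to check the machine before trusting the newer version.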
Crypto Viruses are a very nasty business, and once you get one you basically have two choices: pay the ransom and hope you get your unlock key, or lose all your data. Again, because of the strong encryption, there’s not much we can do.