If you have been infected with this virus, Do not pay the ransom! Turn off your machine, and bring it in immediately to remove the virus.
OVERVIEW
Over the past few weeks we have seen an increase in the number of infections of this virus. It Encrypts your files using an RSA-4096 Encryption and demands payment in order for them to send you the decryption key which is virtually impossible to crack or remove. In most cases it is not possible to recover the files. The sooner you notice the virus and bring it in the more likely we can save some of your data before it is fully encrypted.
Spread through email attachments, this ransomware has been seen targeting companies through phishing attacks. Cryptolocker will encrypt users’ files using asymmetric encryption, which requires both a public and private key. The public key is used to encrypt and verify data, while private key is used for decryption, each the inverse of the other.
The bad news is decryption is impossible unless a user has the private key stored on the cybercriminals’ server.
Currently, infected users are instructed to pay up to $1000 USD to receive this private key.
Infected users also have a time limit to send the payment. If this time elapses, the private key is destroyed, and your files may be lost forever.
Files targeted are those commonly found on most PCs today; a list of file extensions for targeted files include:
3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx
In some cases, it may be possible to recover previous versions of the encrypted files using System Restore or other recovery software used to obtain “shadow copies” of files.
PROTECTION
Do not open unsolicited email attachments or links! We can’t stress this enough!
At the moment the only protection for this infection is a full backup of your data. With the low cost of external drives and Network Attached Storage these days, it is a must for any household. This outbreak only serves as another reminder that you should be doing your backups. How much are your photos and information worth to you if you were to loose them?
If you need any further help, please do not hesitate to call us for help
Your friends at Gpro PC