Tuesday, November 19, 2013

Cryptolocker Virus



Cryptolocker: What to do to protect yourself and what to do if you get it.

What is Cryptolocker? Cryptolocker is a Trojan horse virus that surfaced in late September 2013, a form of ransomware that targets computers running Microsoft Windows software. Cryptolocker disguises itself as a legitimate attachment. When activated, it encrypts a variety of files with a mixture of RSA and AES encryption. When finished, it prompts the user to pay a fee for the key to unlock the files being held for ransom.

A screen displays a countdown timer. The purpose of the timer is to create a sense of urgency to “pay” the fee to get the files back. In November of 2013, the creators of the virus put up a website for users whose timer has run out; the web page gives those users an option to pay a ransom even after the timer has run out.


The ransom must be paid with MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will then decrypt the encrypted files.



What should you do if you are infected with Cryptolocker? The first thing that you should do is disconnect the infected machine from the wireless or wired network. That way the virus won’t have a chance to infect other networked devices. Ideally, you should have your files backed up and accessible on a non-networked device or drive.

Is it possible to decrypt the files encrypted by Cryptolocker? Unfortunately, at the time of this writing there is no known easy and quick way to decrypt the files without the private key. The only method of restoring the files is from a backup copy or imaged copy of the files.

How do I find out if I have been infected with Cryptolocker? Make sure you have an anti-virus suite or program installed and its definitions are up to date. Run a full scan. There are various tools available on the web that can help if you do not have an anti-virus program installed; a quick Google search will point you in the right direction. There are also methods of manually removing the virus from the registry, which are not recommended for the non-computer-savvy user.

How do I become infected with the Cryptolocker virus? The infection is typically sent out to company email addresses, disguised as a customer-support-related issue from another company, for example FED EX, USPS, UPS, DHS, etc. The file might be named 1056_FORM.exe or 1056_FORM.pdf.exe. Since Microsoft Windows does not show file extensions by default, the files look like normal .PDF files.
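One way a mail filter or help desk script could flag the attachment names described above, as an added example that is not part of the original post. The extension lists and the function names are assumptions chosen for illustration.

```python
import ntpath

# Assumed lists for this example; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".zip"}


def classify_attachment(filename):
    """Return 'disguised', 'executable' or 'ok' for an attachment name."""
    # Keep only the last path component; Windows ignores trailing dots/spaces.
    name = ntpath.basename(filename).rstrip(". ").lower()
    stem, ext = ntpath.splitext(name)
    if ext not in EXECUTABLE_EXTS:
        return "ok"
    # With extensions hidden, "1056_form.pdf.exe" is displayed as "1056_form.pdf".
    _, inner_ext = ntpath.splitext(stem.rstrip(". "))
    if inner_ext in DECOY_EXTS:
        return "disguised"
    return "executable"


def triage(filenames):
    """Map each name to its verdict, dropping the ones that are 'ok'."""
    verdicts = {}
    for name in filenames:
        verdict = classify_attachment(name)
        if verdict != "ok":
            verdicts[name] = verdict
    return verdicts


# Constructed sample names; the first two are the ones quoted in the post.
SAMPLES = [
    "1056_FORM.exe",
    "1056_FORM.pdf.exe",
    "quarterly_report.pdf",
    "C:\\Users\\alice\\Downloads\\Invoice.PDF.EXE ",
    "setup.v2.exe",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{verdict:10} {name!r}")
```

A "disguised" verdict means the name would be displayed as a document when extensions are hidden; "executable" means it is a program with no decoy extension.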

I have provided links below to pages that discuss in depth the Cryptolocker virus, methods of mitigation, and methods of removal:

http://www.networkworld.com/news/2013/111413-cryptolocker-practices-275987.html?hpg1=bn

Wednesday, September 4, 2013

Your Computer and Second Hand Smoke


Second hand smoke will damage a computer. It is best to think of the computer tower as a lung, taking in the dust, debris, smoke and other particles in our environments. The computer takes in the same air as we breathe in our own homes. Normally the dust in a computer in a non-smoker's household is a dusty grey color. In a smoker's household the inside of a computer will appear quite different. Externally and internally there will be staining. There will also be a different color of buildup; this is from nicotine.




It will be brown to dark brown in color. It will be sticky and may even appear to be moist. It will gunk up the entire computer, causing anything that is sucked into the computer to build up. This deprives the computer of the air flow it needs: fan blades are coated, and the buildup can be uneven, causing the fans to not run as effectively.



It also blankets the entire inside of the computer, making it impossible for the cooling system to work properly. This then leads to hardware failure, costly repairs, and possibly the death of the computer.