Wednesday, 22 June 2016

Another day - another cryptolocker infection

All too frequently we are still seeing people being affected by ransomware. It's pernicious and hard to get rid of once you've got it. If you haven't had it, then this is what happens - you open an innocent email and your computer starts to perform a bit sluggishly. Most people shrug this off then go to open a Word Document or Excel Spreadsheet and can't. It has .ENCRYPTED after it and there are files appearing in all your directories on how to pay to get your data decrypted. A sense of doom starts to build in the pit of your stomach and you watch as the files on your network drives start being encrypted too. Hopefully you pull the power plug and call your IT guy at this point. Then the tough stuff begins....

To stop this from happening here are some tips to keeping your PC cryptolocker free:

  • don't try to open a zip file emailed to you - if someone is sending one to you, make sure they establish contact first - it's OK to email them back to ask if they meant to send it. Most companies won't send you a zip file with their bills in it - the AGL email that recently infected a number of people is an example of this. They send their bills as a PDF
  • hover your mouse over any link in an email *before* clicking it - you'll see the actual address the hyperlink points to when you do this. Just because it says www.google.com/alkajsdflkjadf doesn't mean it actually points there. The hyperlink goes around the text to send it to the web and it could go anywhere!
  • while backups are important, RESTORES are mandatory - a phrase I heard at SAGE-AU years ago and it's still true. There are great free options out there - from Time Machine on the Mac, to CrashPlan across many platforms, Carbonite, ShadowProtect and so on. Get one, have a backup to a USB drive, and then to another USB drive - a bit of a pain to cycle through the backups, but what is your data worth to you? It's a sad situation that most people won't have the faintest idea until every word document they've ever written is encrypted and carries an $800USD price tag to decrypt it. Put an entry in your calendar to backup and do it. 
  • did I mention backups? Let me reiterate - back up your data! Test the backup! Have it disconnected from the network and don't rely on a single data storage place to back up to. If that gets corrupted (and I've seen it happen) - it's still all over
  • go slower when you are readying your emails. Take your time to really check what you've got and why they want you to click on that shiny, interesting looking link. Phishing emails, cryptolocker and other infections are just a mouse click away....


It's a dangerous world, opening up an email program on your computer or a web browser. You never know where it will take you or the risks that it will entail. You can be safe, if you exercise some commonsense!

No comments:

Post a Comment

Adventures with Immich

With the implementation of my Proxmox server it's now time to play with some new applications - and we'll start with Immich, a repla...