The latest variant of the ransomware known as Cryptowall 2.0 is a particularly nasty piece of malware, and it’s been hitting individuals and businesses in Danville, Boyle County, and the surrounding areas.
How Did I Get The Cryptovirus?
Like most viruses, this one will invade your systems through the standard routes, including malicious websites, email, downloads, and ads. However, this virus can also spread through files and attachments such as Adobe PDF documents.
In fact, PDF files are the primary transmission route of this particular virus.
Once you have the virus, it can travel across your network to infect some or all of the machines connected — and it can infect any “backups” you have that are connected to your computer — including “cloud based” backup systems.
What Does the Cryptowall Virus Do?
Once activated, Cryptowall 2.0 will attempt to encrypt your personal files (pictures, emails, Word documents, PDFs, etc.) with RSA encryption using a 2048-bit key, an algorithm so complex that our own government has not yet been able to break it.
What Can I Do If I Get Infected with Cryptowall?
The encrypted files cannot be recovered without paying the ransom fee, which will give you access to the decryption program. Once you have the decryption program, you will have to run it manually on the infected computer or computers.
I Know Someone Who Had This (and Paid the Ransom) Can I Use Their Key?
The decryptor is infection specific, which means that you will not be able to borrow the file from someone else who has already paid the ransom fee.
How Do I Pay The Ransom?
If you do decide to pay the fee to get your personal files back, you will have to buy approximately $500 worth of Bitcoins (depending on the current conversion rate, which fluctuates daily), which involves setting up a Bitcoin wallet and purchasing the Bitcoin from a reputable online dealer.
You will then have to send the payment in Bitcoin form through the TOR payment gateways that are specific to the particular virus that has infected your system. If this ransom fee is not paid within 5 days, the ransom will double to $1000 worth of Bitcoin.
How Do I Remove The Virus?
After payment is made and the transaction is validated through the Bitcoin network, you should (if everything goes according to plan) receive a link to download the decryptor specific to your infection.
When you receive the file, you can run it on your system to decrypt your files, but this is not a simple process.
Things to note:
- If you leave your system unprotected, without a good anti-virus program, your computer could become re-infected and you will have to go through this nightmare all over again.
- You should clean the infection on your machine before decrypting your files, otherwise they may become infected again as soon as you decrypt them.
- This cleaning and decrypting process is best handled by a qualified technician.
- Receipt of the key is never a “sure thing” and you could possibly be out the money AND your files — after all, you are now negotiating with criminals.
How Can I Protect Myself?
PLEASE purchase a good anti-virus software program and keep it updated. We recommend Kaspersky to all our clients and install more of this product at our shop than any other.
Buy an external hard drive (or two) and backup your files REGULARLY to a drive that does not stay plugged into your computer or your network.
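The script below is an added example, not part of the original article or of any product it mentions. It follows the backup advice above: every run is copied into a new numbered folder on the external drive, and the run is refused when more than half of the files have changed since the last backup, so freshly encrypted files are not saved as if they were good copies. The function names, the folder layout and the 50% threshold are assumptions chosen for this example.

```python
import hashlib, json, shutil
from pathlib import Path

def manifest(root: Path) -> dict:
    """Map every file under root (relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def changed_fraction(old: dict, new: dict) -> float:
    """Share of previously backed-up files that are now altered, renamed or gone."""
    if not old:
        return 0.0
    return sum(1 for path, digest in old.items() if new.get(path) != digest) / len(old)

def snapshots(backup_root: Path) -> list:
    """Existing snapshot folders, oldest first (names are zero-padded counters)."""
    return sorted(d for d in backup_root.iterdir() if (d / "manifest.json").is_file())

def safe_backup(source: Path, backup_root: Path, threshold: float = 0.5):
    """Copy source into a new snapshot folder on the backup drive.

    Returns the new folder, or None if more than `threshold` of the files in the
    last snapshot changed since then. A mass change is what file-encrypting
    malware looks like, so nothing is written and the old snapshots stay as-is.
    """
    backup_root.mkdir(parents=True, exist_ok=True)
    current = manifest(source)
    existing = snapshots(backup_root)
    if existing:
        old = json.loads((existing[-1] / "manifest.json").read_text())
        if changed_fraction(old, current) > threshold:
            return None
    dest = backup_root / f"snap-{len(existing) + 1:04d}"
    shutil.copytree(source, dest / "files")        # never overwrites an older snapshot
    (dest / "manifest.json").write_text(json.dumps(current, indent=1))
    return dest

if __name__ == "__main__":
    import sys
    # Usage (paths are the user's own): python backup.py <folder> <external drive folder>
    result = safe_backup(Path(sys.argv[1]), Path(sys.argv[2]))
    print(f"Backed up to {result}" if result else
          "REFUSED: most files changed since the last backup. Check for infection first.")
```

Unplug the external drive as soon as the backup finishes, since a drive that stays connected can be encrypted along with the computer.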
If you need advice regarding removing an infection or have questions on prevention, best back-up practices, or any other technology questions, please give us a call at Danville Computer Doc, 859-755-4344.
We want to help you keep your computer and your files safe!