CryptoLocker – a Ransomware Trojan Horse Malware Infection!

Eh? What does that mean?

You may have already heard about this: “the worst virus ever known”, “once it is on your PC you have lost the whole thing”, “10s of million PCs in the UK at risk” etc. The media had a field day with it. Is it really that bad? Is everything lost when you get it?

So what is it? Firstly it is not a virus, it is a Trojan. To get infected you have to open the gates and drag the wooden horse into your fort, otherwise known as opening an email from someone you don’t know, and clicking on a link that you have no idea about. Some website links may also cause infection. Beware of geeks bearing gifts!

Ransomware usually does something nasty to your PC and demands a monetary payment to release it back to you. Normally making the payment just makes things worse. In this case the program encrypts (makes unreadable) all your personal files (documents, pictures, music, videos etc.) and demands a payment over the web for the key that decrypts them.

How does it happen? Well, after you click on that link that you didn’t understand, a program installs itself onto your PC and starts executing immediately. It protects itself by disabling most methods of getting rid of it, using some simple but very effective techniques. Without any outward signs that it is working, it looks through all the “drives” (those identified by a letter such as C: or F:), looking for file types that are known to be personal data types, and encrypts them with encryption that cannot be cracked. Only MS Windows systems can be infected, but files on any drive the infected PC can see can be affected. The key needed to decrypt the files is stored on a secret server on the web, and without it you cannot recover an encrypted file.
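The behaviour just described (personal files across a drive quietly replaced by unreadable ciphertext) has a fingerprint a defender can look for: a file that still carries a document or picture extension but no longer starts with that format’s header bytes, and whose contents are near-random. The script below is an added example written for this page, not code from the original post or from any anti-malware product; the watched extensions, the entropy cut-off of 7.0 bits per byte, the “half the files” rule and the sample files are all constructed for the demo and are not CryptoLocker’s actual target list.

```python
"""Heuristic check for a folder tree whose personal files have been overwritten
with ciphertext. Added example for this page; all constants are assumptions."""
import hashlib
import math
import os
import tempfile
from collections import Counter

# Watched file types and the header bytes a genuine file of that type begins
# with. Constructed list for the demo, not the Trojan's real target list.
EXPECTED_MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",       # Office Open XML is a ZIP container
    ".doc": b"\xd0\xcf\x11\xe0",  # legacy OLE2 compound document
    ".txt": None,                 # plain text has no header; entropy alone decides
}
ENTROPY_THRESHOLD = 7.0  # bits/byte; ciphertext sits near 8, English prose near 4-5
SAMPLE_BYTES = 4096      # only the first few KB are read per file


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str) -> bool:
    """True when a watched file has lost its format header and its leading
    bytes are near-random: the mark of a file overwritten with ciphertext."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in EXPECTED_MAGIC:
        return False
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    magic = EXPECTED_MAGIC[ext]
    if magic is not None and head.startswith(magic):
        return False  # header intact, still a readable file of that type
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def assess_tree(root: str) -> dict:
    """Walk `root` (one drive, in the post's terms) and report which watched
    files look encrypted, as paths relative to `root`, plus a verdict."""
    watched, suspicious = 0, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXPECTED_MAGIC:
                continue
            watched += 1
            full = os.path.join(dirpath, name)
            if looks_encrypted(full):
                suspicious.append(os.path.relpath(full, root))
    suspicious.sort()
    ratio = len(suspicious) / watched if watched else 0.0
    return {
        "watched": watched,
        "suspicious": suspicious,
        # Many personal files turning to ciphertext at once is the ransomware
        # pattern; a single odd file is not. The cut-off is a constructed choice.
        "mass_encryption_suspected": watched >= 4 and ratio >= 0.5,
    }


def _pseudo_ciphertext(seed: bytes, size: int = SAMPLE_BYTES) -> bytes:
    """Deterministic stand-in for ciphertext: chained SHA-256 output."""
    out, block = b"", seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]


def build_demo_tree(root: str) -> None:
    """Constructed sample folder: two healthy files, two overwritten with
    ciphertext (header gone, random bytes), and one file of an unwatched type."""
    samples = {
        "letter.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n" + b"Dear Sir, " * 200,
        "notes.txt": b"Shopping list: milk, bread, eggs, and the usual.\n" * 80,
        "holiday.jpg": _pseudo_ciphertext(b"holiday"),
        "thesis.docx": _pseudo_ciphertext(b"thesis"),
        "setup.log": b"installer ran ok\n",
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)


def run_demo() -> dict:
    """Builds the sample tree in a temporary directory and assesses it."""
    root = tempfile.mkdtemp(prefix="cryptolocker-demo-")
    build_demo_tree(root)
    return assess_tree(root)


if __name__ == "__main__":
    print(run_demo())
```

Running it flags `holiday.jpg` and `thesis.docx` and reports suspected mass encryption, while the healthy PDF and text file pass. The header check matters because already-compressed formats such as JPEG score high on entropy by themselves; a real file is recognised by its intact header before entropy is consulted, and only a header-less, near-random file is flagged.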

When all the files it can see are encrypted, it shows a screen demanding money, with a countdown timer showing the time you have available until your data is lost forever (100 hours). If you see this screen, your data is gone unless you pay the $300 or so. If you don’t pay in time, or you try to fix it yourself, the payment goes up to $1500 or more. The payment is untraceable, and so far the culprits have not been tracked down. It appears that to date, the thugs responsible for this crime have been “honest”, and if you pay the money they will decrypt your files. Personally I would rather never own a computer again than pay for this “service”.

Is everything really lost? Of course not: just format your hard drive, restore your computer to factory settings using the recovery disks you created when you got the computer, re-install all your software from the original disks, and then restore all your personal data from the most recent backup you made.

Don’t have recovery disks or backups? Things have just got complicated! The infection can be removed without too many problems, and if you have the correct settings on your computer there may (or may not) be previous versions of files available to restore from. Don’t expect to do it cheaply or quickly though.

How can you avoid it? Keep your computer software and your antivirus software up to date, and don’t click on emails or links you are not sure about. Make sure your backups are on a drive which is not permanently visible to your PC. If you do click on something you shouldn’t and you suspect something is wrong, switch your computer off as quickly as possible and don’t turn it on again until you have read the website below.

See http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information for a lot more in-depth information.

Incidentally, if you manage to crack the 2048-bit RSA encryption code, make sure to claim the $200,000 reward being offered to the first person to crack it. You may need a few thousand years, or a similar number of computers, to do it though!

Posted in Computer Stuff
