Cryptowall

Viruses are like cobwebs in your house–you can never keep them out completely but with regular dusting you can do a lot to avoid or minimize them. Cryptowall is the latest in a string of ominous-sounding viruses making the rounds. It is a Trojan Horse, popping up as an innocuous-seeming e-mail and infecting a network by tricking people into installing it themselves.

The most important thing to remember when dealing with viruses like these is to never download attachments that you aren’t expecting. Even if the e-mail appears to be coming from someone you know, if it is vague or there isn’t a reason for them to be sending you an attachment, double check that it is legitimate. A quick phone call can save a lot of headaches down the line. There are a few common e-mails circulating to watch out for in particular. Click through the gallery to see some examples.

Once a computer is infected, the virus begins by establishing a network connection to remote servers where it uploads connection information like the IP address, location, and system information from the infected machine. It then creates encrypted copies of all files, deleting the originals and leaving the encrypted versions in their place in an effort to extract money for the decryption key. The virus expands beyond just a local computer, hopping onto files located on other drives, such as external hard drives, cloud-based storage that saves a local copy of files, and network shares (any drive that has been assigned a letter).

Once your drive has been infected, you will typically see three files in every directory with encrypted files:

  • DECRYPT_INSTRUCTION.txt
  • DECRYPT_INSTRUCTION.html
  • DECRYPT_INSTRUCTION.url
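Because these three files appear in every directory that holds encrypted files, their presence can be used to map which folders need restoring from backup. The following Python sketch is an added example, not part of the original post; the function names and the sample folder tree are constructed for illustration.

```python
import os
import tempfile

# File names taken from the list above; compared in lower case because
# Windows file systems are case-insensitive.
NOTE_NAMES = {"decrypt_instruction.txt", "decrypt_instruction.html",
              "decrypt_instruction.url"}


def find_affected_dirs(root):
    """Map each directory under root to the ransom-note files found in it."""
    affected = {}

    def report(err):
        # os.walk skips unreadable folders silently unless told otherwise.
        print(f"skipped (unreadable): {err.filename}")

    for dirpath, _dirs, files in os.walk(root, onerror=report):
        hits = sorted(f for f in files if f.lower() in NOTE_NAMES)
        if hits:
            affected[dirpath] = hits
    return affected


def summarize(affected):
    """Split results into folders with all three notes and folders with some."""
    full = sorted(d for d, hits in affected.items()
                  if {h.lower() for h in hits} == NOTE_NAMES)
    partial = sorted(d for d in affected if d not in full)
    return full, partial


def demo():
    """Scan a constructed sample tree (temporary files only, no real data)."""
    with tempfile.TemporaryDirectory() as root:
        dirs = {n: os.path.join(root, "share", n)
                for n in ("accounting", "photos", "archive")}
        for d in dirs.values():
            os.makedirs(d)
        for name in ("DECRYPT_INSTRUCTION.txt", "DECRYPT_INSTRUCTION.html",
                     "DECRYPT_INSTRUCTION.url"):
            open(os.path.join(dirs["accounting"], name), "w").close()
        open(os.path.join(dirs["photos"], "decrypt_instruction.TXT"), "w").close()
        open(os.path.join(dirs["archive"], "report.docx"), "w").close()
        full, partial = summarize(find_affected_dirs(root))
        rel = lambda d: os.path.relpath(d, root).replace(os.sep, "/")
        return [rel(d) for d in full], [rel(d) for d in partial]


if __name__ == "__main__":
    print(demo())
```

The scan only reads directory listings, so it can be pointed at a disconnected drive or a copy of a network share without changing anything on it.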

You may also see error pop-ups or data that looks garbled when attempting to open an encrypted file. If you believe your computer has been infected by this or any virus, IMMEDIATELY DISCONNECT YOUR COMPUTER FROM THE NETWORK! Just pull the network cable right out of it. You should also perform regular backups, stored offline, and maintain your anti-virus software.