Anti-Malware

 

Cryptowall malware is the worst of the worst

These particular Malware are called “ransomeware” because they will lock up all your files and sell them back to you.

Cryptolocker and Cryptowall 2.0  3.0  and now upgraded to version 4.0 can and will destroy all your hard work unless you pay their ransom fee.

Either makes just about everything you’ve got on your computer totally useless.   The malware encrypts your Word files,  Excel files,  Powerpoint files,  Photoshop files, even your PDF files (and yes, even more types of user created files than that) with a strong encryption that is impossible to unencrypt without the key that they offer to sell you.  In other words the malware destroys just about everything you’ve done and the only way to get them back is to pay the ransom.

Once infected, your only recourse is to load a backup of all your files.  This backup must be disconnected from your computer during the attack.  If you backup to a connected external drive or USB memory stick or even to a network drive, then beware because if your backup files are still connected when you are attacked then they become uselessly encrypted as well. That’s right, it will lock up your backup as well if it can get to it.

Malware (the worst being Cryptowall) is the new scourge of the Internet.

Hour Computer ManSkeptical? Having doubts or reservations since you’ve never heard of me or Cryptowall before? Don’t blame ya!  Check out this Fox News Flash by clicking the picture below.  It is from a Connecticut news site (let me know if the link no longer works.  It could have been moved or even take it down to make room for more stories):

Cryptolocker_and_Cryptowall_malware_take_your_files_hostage
You should be able to watch this Fox news report  by just a click of the picture, but here is the actual url link that will take you to it If necessary.  Simply copy and paste it into your browser. http://foxct.com/2014/11/20/cryptowall-2-0-virus-infecting-connecticut-computers/

WOW!  After seeing that then you know that you need a backup.  But there’s more you need to know.  

Backups that are made to a connected USB stick or hard disk drive or a connected network drive will also be encrypted by these villans if they are connected at the time of the attack.  You need to be prepared with a backup of all your important data that is not connected to your computer.  You need Carbonite, the best online backup.  One of the reasons it is the best is because they can’t get to it.  If you know what you are doing, then just go get it here.  If you don’t know what you are doing, then Call Me or email me.  But whichever you choose get ready. Cryptowall is out there making the rounds and with every new version they include new ways infect.

You might think, “no problem I’ve got all my files on dropbox.com”.  No,  “The infection can infect not only local hard drives but also mapped cloud drives, such as Google Drive or Dropbox” (That quote is from http://www.tomshardware.com/news/cryptolocker-cryptowall-ransomware-malware-viruses,27576.html.)  Dropbox and other online “cloud storage” sites allow you a direct link from your computer and they allow Cryptowall to encrypt through that link.

You need something better and the best is Carbonite.

Speaking of dropbox, that is one of the several ways they deliver this menace.  They put the malware in a dropbox and send out a fake voicemail.  If you click the link, you get infected.

Dropbox delivery of Crypto malware

I have personally been involved now with 4 now 5 now 6 now 7of these disastrous infections and hope I never see another.  In the last one it got into the server from the infected workstation and infected 5000 shared files.  It was a disaster.  It took me days to help the victimized company to fully recover.

Be very careful in opening up any attachment as most often the attack begins by opening an attachment to a FedEx or UPS shipping notice or a Banking email.  I know one customer who got it from opening an airline ticket attachment and as he opened it he thought, “I didn’t order an airline ticket”.   Too late; got him.  Beware!  I know another customer who got it from opening up an attachment in an email from a bank he does daily business with.  As he opened it he thought, “I don’t recognize the sender’s name”.  Too late; got him too.

But you can also get infected in other ways as well.

Cisco systems says they found it embeded in legitimate advertisements on well known sites like Facebook and Disney (http://www.tripwire.com/state-of-security/latest-security-news/malicious-ads-on-disney-facebook-the-guardian-websites-lead-to-cryptowall-ransomware/ ).  Wow!, Facebook and Disney? You never know ahead of time where they are going to put this infection.  They are making lots of money with this malware and they are reinvesting it into better and better versions. These bad guys are good programmers.

According to estimates from the FBI, “Ransomware hits thousands every week, and costs users $18 million in losses.  Other figures suggest “the Cryptowall family alone has generated about $325 million in bitcoin ransoms.” –Zdnet.com

Once infected, you will get a popup saying your files are encrypted and it will demand a ransom to get them back.  I have seen different ransom amounts, $300, $500, and $750 each of which doubles if you delay passed their deadline.

Be prepared for it with a current Off-Computer backup.

Hour Computer ManGet Carbonite now by clicking this link! The personal version is barely more than a dollar a week.  How much are your pictures and documents worth?  You can get a 15 day free trial while you think about how else you want to handle the situation.  But do get some kind of  “off your computer” backup.  Do it now! You don’t want this terrible infection.

Cryptolocker at first and now Cryptowall are horrific programs developed and released by a group of individuals working out of Russia and the Ukraine.   The FBI has been chasing down the suspected leader, Mikailovich Bogachev,  but he remains at large while he is featured on the FBI’s Cyber Most Wanted List.

mikhailovich-bogachev copy

 

His first version of the malware was called Cryptolocker.  The FBI with the help of officials from other countries found the computers that handled the money processing and shut them down mid 2014.  Here is a story describing the take down: http://www.usatoday.com/story/news/nation/2014/06/03/fbi-busts-russian-hacked-created-zeus-cryptolocker/9919985/   (Please let me know if the link no longer works.  They may move it or even take it down to make room for other stories.)  Once the computers were taken down that was the end of Cryptolocker but soon a new and improved version called Cryptowall surfaced.  It’s out there, be prepared for it.  Carbonite will automatically backup what you decide to have backed up and keep it in a safe and secure environment on the web.  It is even approved for medical and legal computers. Not even Bogachev and his extorsionist thugs can get to your Carbonite backup.

Carbonite is the #1 online backup solution.  If you know what you are doing, go get it by simply clicking the red link above.  If you don’t know what you’re doing call me.  I can help you understand your options and help you get it on your computer. Once on there, let’s make sure it is backing up all that you want backed up and when you want it backed up.

Here’s an update:   Cryptowall  was improved to version 2.0 and then Cryptowall 3.0 came out in January 2015.  From http://www.bleepingcomputer.com/: “After a brief hiatus of CryptoWall infections during the holidays, yesterday the malware developers released CryptoWall 3.0. Their only changes in this version compared to the previous one are ransom note filename changes, new TOR gateways, and an extended deadline to make the payment. Other than that, CryptoWall 3.0 is the same piece of garbage we have come to hate in CryptoWall 2.0.”

It is still out there circulating the Internet.  Despite all the money he’s made, Bogachev has not retired.  Typically these guys keep innovating and creating new and different schemes to see what they can get away with until they are finally caught.  According to CTU at Dell Security Works by Aug. 2014 Cryptowall had already infected over 600,000 computers with over 250,000 of them being in the US. Click here for the full story in PC World Magazine.  Note those figures are from mid 2014.  They are a lot higher now.

In the meantime get prepared, get Carbonite .  If you already have Carbonite, good for you; you are prepared for anything.  If you have the time, tell me about your experiences with it, and pat yourself on the back because you deserve a gold star. You chose the best and you are prepared for the worst.

If you get infected with Cryptowall,  click this.