Ransomware

Mobile Computer Services are warning all our clients about ransomware, it encrypts your data, at present infected computers CANNOT be decrypted, without paying the Ransom

What is Ransomware

It is a program released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Vista, 7, 8 and 10, Macs are also affected.


 This Program will encrypt your files using a mixture of RSA & AES encryption. When it has finished, it will display a payment demand that prompts you to send a ransom of either $900 or up to $12,000 in order to decrypt the files.This depends on how long it takes you to respond and pay the Ransom.


This screen can also display a timer stating that you have 96 hours, to pay the ransom or it will delete your encryption key and you will have no way to decrypt your files. This ransom can only be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will start to decrypt the files.


CryptoLocker

How do you become infected with CryptoLocker

This infection is typically spread through emails that pretend to be customer support related issues from Australia Post, AGL, Tollways or ATO. These emails contain a zip attachment that when opened will infect the computer. The latest batch comes from programs planted on your system from using public WiFi !

These zip files contain executable's that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.


Ransomware

What should you do when you discover your computer is infected


When you discover that a computer is infected, the first thing you should do is disconnect it from your wireless or wired network. Then shut it down. This will prevent the program from further encrypting any files. Reports say that once the network connection is disconnected, it will display the Ransomware screen. It is important to note that the CryptoLocker infection spawns two processes of itself. If you only terminate one process, the other process will automatically launch the second one again.



Is it possible to decrypt files encrypted by CryptoLocker?

At this time there is NO WAY to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic due to the length of time required to break the key. Newer variants of Ransomware will attempt to delete the Shadow Copies and your programs. If you need more information about how to restore your files please call us immediately on. 6552 7611

If you do not have Reliable Backups, then you will need to pay the ransom in order to get your files back.


Bitcoin Payment

These Programs allow you to pay the ransom by sending bitcoins to an address shown in the decryption program. Bitcoins are currently worth over $1200 USD on some bitcoins exchanges. The cost of the key remains the same if your within the standard 48 hour time frame, but if that has expired the price increases with time.



This is a very clever program that will lock down everything on your computer, including external drives plugged in to it. The antivirus companies report they still have NO SOLUTION for an infected computer.

Restoring and or using a backup is the only way of getting your data back. We can help you to back up your data and put in place prevention methods to keep this program from running, once infected it cannot be removed without paying the ransom or formatting and restoring your old data.

Formatting and reinstalling the operating System can be done easily, your backed up data is then migrated back to your system. This can be a time consuming process, depending on how much data you have, however it will work. Prevention is better than the cure in all cases.


Please contact us immediately 6552 7611 if you believe you have become infected with any ransomware program or if you need help backing up your data and programs.



Back To Top Of Page



Return To The Home Page From Ransomware


Go To The Computer Service Page


Go To The Contact Us Page