Mobile Computer Services are warning all our clients about ransomware. It encrypts your data, and at present infected computers CANNOT be decrypted without paying the ransom.
What is Ransomware
It is a program released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Vista, 7, 8 and 10. All Macs are also affected. This program will encrypt your files using a mixture of RSA and AES encryption. When it has finished, it will display a payment demand that prompts you to send a ransom of either $900 or up to $12,000 in order to decrypt the files. The amount depends on how long it takes you to respond and pay the ransom.
This screen can also display a timer stating that you have 96 hours to pay the ransom or it will delete your encryption key and you will have no way to decrypt your files. This ransom can only be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will start to decrypt the files.
How do you become infected with CryptoLocker
This infection is typically spread through emails that pretend to be customer support related issues from Australia Post, AGL, Tollways or ATO. These emails contain a zip attachment that when opened will infect the computer. The latest batch comes from programs planted on your system from using public WiFi!
These zip files contain executables that are disguised as PDF files, as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft Windows does not show file extensions by default, they look like normal PDF files and people open
What should you do when you discover your computer is infected
When you discover that a computer is infected, the first thing you should do is disconnect it from your wireless or wired network. Then shut it down. This will prevent the program from further encrypting any files. Reports say that once the network connection is disconnected, it will display the ransomware screen. It is important to note that the CryptoLocker infection spawns two processes of itself. If you only terminate one process, the other process will automatically launch it again.
Is it possible to decrypt files encrypted by CryptoLocker?
At this time there is NO WAY to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic due to the length of time required to break the key. Newer variants of ransomware will attempt to delete the Shadow Copies and your programs. If you need more information about how to restore your files, please call us immediately on 0428 422 010.
If you do not have reliable backups, then you will need to pay the ransom in order to get your files back.
These programs allow you to pay the ransom by sending bitcoins to an address shown in the decryption program. Bitcoins are currently worth over $1200 USD on some bitcoin exchanges. The cost of the key remains the same if you're within the standard 48 hour time frame, but if that has expired the price increases with time.
This is a very clever program that will lock down everything on your computer, including external drives plugged into it. The antivirus companies report they still have NO SOLUTION for an infected computer.
Restoring from a backup is the only way of getting your data back. We can help you to back up your data and put in place prevention methods to keep this program from running. Once a computer is infected, the program cannot be removed without paying the ransom or formatting and restoring your old data.
Formatting and reinstalling the operating system can be done easily, and your backed up data is then migrated back to your system. This can be a time consuming process, depending on how much data you have; however, it will work. Prevention is better than the cure in all cases.
Please contact us immediately on 0428 422 010 if you believe you have become infected with any ransomware program or if you need help backing up your data and programs.