Very nasty malware has surfaced that encrypts your documents so you cannot read them. This “ransomware” then offers to decrypt your documents for approximately US$300. In its most virulent form, the Cryptolocker malware encrypts documents on any drive mapped to your network and then sets a 72 or 100-hour time-limit on the private key you can purchase that is necessary to decrypt your documents. Payment to the cretins who authored this malware is by MoneyPak or Bitcoin.
The Cryptolocker software is easily removed, but your documents remain encrypted . . . unless you pay. Normal anti-security software will not necessarily block Cryptolocker. Most often, the recipient receives what appears to be a .pdf file, but that “pdf” is really an executable file to launch Cryptolocker. Click on the .pdf, and you start the process of encrypting your own documents
What to do? Storing a backup of your documents on a harddrive mapped to your network does not work. Cryptolocker is reported to encrypt documents stored on any connected drive. One option to get your documents back is to pay the ransom. That ransom may increase to US $2300 after the 72-hour deadline passes. Another option is be sure your files are backed up periodically to a harddrive that is not mapped to the network. Delete the encrypted documents, and reload the backup you backed up to a disconnected harddrive.
Update: Bought a new harddrive to save an extra copy of valuable documents in a drive that is not connected.
It is may just be a matter of time before the Cryptolocker authors target Macs.
Recent Comments