There’s a new piece of malware making its way around the Internet; its name depends on whom you ask, but in most cases it’s called “CryptoLocker.” Instead of trying to spread itself through your network, it simply finds the important files on your computer and network and encrypts them so that you’re denied access. Files like Word documents, Excel spreadsheets, and even photos can be affected – soon you’re presented with a window asking for ransom and offering to unencrypt your files. There’s no reasonable way to clean your files, meaning your only option is to restore them from a backup.
So, how does CryptoLocker enter your system in the first place? Typically it’s sent as an email attachment. Currently it comes as a zip file attached to an email claiming to be from the Better Business Bureau. Still, the next time we see it, the email could appear to be from the IRS, a bank, or even from FEDEX. It’s absolutely crucial to remember that you should never open an attachment in an email if you’re not expecting it, regardless of who it’s from.
Always ask yourself, “Why would the IRS be sending me a zip file?” I like to think of this as “context”; it’s the first step in protecting your computer, and more importantly your data, from viruses, spyware, and other rogue software that the IT world calls malware.
I suggest you view every file your computer wants to download in terms of the context it arrives in. For example, my brother and I exchange emails frequently, but what if he sends me an email with just a link to a video? That’s not a way we typically exchange messages, so because it’s “out of context” I would immediately be suspicious of the email.
At this point I should do one of two things – either delete the message, or check with him to see if he really sent it. Under no circumstances would I open the link. This also applies to browsing the Internet. If I go to the web page for ESPN to check on the score from the Chiefs game and I get a message that my computer wants to download a piece of software, that’s also “out of context.” I’ll quickly shut down my browser window and might even reboot my computer, then run a virus scan.
That leads us to the next two things you should do to keep sensitive data safe. First, always run legitimate and up-to-date antivirus software. Remember, there’s a lot of phony antivirus software to be found on the Internet, which is why Spade Technology recommends either buying something off a reputable and trusted vendor, or consulting with your IT company. Most antivirus software requires an annual subscription, so make sure you keep it current. Although there are some decent free antivirus products available (Microsoft has one) it’s good to remember that you tend to get what you pay for. The second thing you can do is make sure that your applications are all up to date. Much of today’s malware exploits security problems in applications that we use daily. Virus creators poke at software looking for holes or things that don’t quite work right, and they use those to spread their virus. Software manufacturers then patch that hole and release an update and the circle begins again. It’s essential to update all of the applications on your computer, one tool called Ninite, from www.ninite.com, allows you to update all of your applications with one package.
Sometimes, unfortunately, none of these precautions work – so always backup your data. Spade Technology recommends a two-plus-one backup strategy; everything that’s important to you should be kept in two places with additional off-site storage. For example, my “once in a lifetime vacation” pictures are on my computer, an external hard drive, and a DVD in the safe deposit box. With data, if my applications aren’t up to date, my antivirus software lets me down, and my common sense goes astray, I still have of the data my business needs to continue operating effectively. With these steps you’ll find that you’re safe and better off in the long run, and so is your data.