Byte Me Article 146 – Hackers get upper hand

Hackers Get the Upper Hand

It has finally happened! One of our customers has fallen victim to ransomware that can’t be bypassed. This is a first in 16 years and I hope it is not a sign of more to come. What is this all about? Ransomware is software that demands that you do something (usually pay someone) to regain normal access to your PC. It normally takes the form of “Your PC is infected with 382 viruses and you need to click here (and pay $80) to fix”. Until now these have been idle threats and we could remove the software that creates these messages.

In this case the ransomware has encrypted the customer’s data files and is preventing them from being opened. This latest ransomware, called Cryptolocker, is normally first activated by opening an email along the lines of “You have a refund from the ATO” or “Your parcel is waiting for collection”, with a “Click here to view these details” link. The ransomware quickly searches all of your data files, network files and email files and very efficiently encrypts them so that they cannot be opened.

Cryptolocker then proudly and boldly tells you that your personal files are encrypted and that the only way to get them back is to pay $300 US through a certain online currency transfer process. As of today there is NO OTHER WAY of getting your data back, unless you have backups of your files from before the ransomware arrived. Cryptolocker also gives you only a limited time (around 100 hours) to make the payment, after which your data is rendered useless regardless of whether you want to pay or not.

2013-10-12 Byte Me Article 146 – Ransomware

There are only 3 options here: restore your data from a previous backup (as stated), pay the $300 US within the specified time, or forget about all of your data. We hate to see these sorts of cyber terrorists getting rich from these activities (and they will currently be getting millions from this scam), but this particular software has been written by VERY VERY smart people who are already well funded and will remain above the law in whatever country they are currently residing in.

Also interesting in this case is that the creators of the software are so far true to their word, and paying the ransom is releasing the customer’s data for continued use. I guess it is in the creators’ best interests for people to know that the $300 ransom will actually get a result, simply to get more people paying up! In this case we had to recommend that the customer pay the ransom as they did not have a proper backup of their data.

How do you avoid this one? Never open links or attachments in emails that are not from a known, trusted source, and always have a proper backup system (one that can go back several days) if you care about your business and/or personal data.
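The column’s advice hinges on a backup system that can go back several days, because a backup taken after the files were damaged just copies the damage. The following Python script is an added example written for this page, not code from the column or from Kerr Solutions. It keeps dated snapshot copies of a data folder, finds the newest snapshot taken before the moment the ransom notice appeared, restores from it, and prunes snapshots older than a retention window. The snapshot naming format, the two-day retention used in the demo and the sample invoice file are all assumptions chosen for illustration.

```python
"""Point-in-time snapshot backups with multi-day retention.

Added example (not from the original Byte Me column): a minimal copy-based
snapshot scheme so a data folder can be rolled back to a state from before
its files were damaged. Snapshot naming, retention period and sample files
are assumptions chosen for illustration.
"""
from __future__ import annotations

import os
import shutil
import tempfile
from datetime import datetime, timedelta
from pathlib import Path
from typing import List, Optional, Tuple

STAMP = "%Y%m%dT%H%M%S"  # snapshot directory name format (assumption)


def take_snapshot(source: Path, backup_root: Path, when: datetime) -> Path:
    """Copy the whole source tree into backup_root/<timestamp> and return it.

    Each snapshot is a complete, independent copy, so damaging the live
    folder later does not alter snapshots already taken.
    """
    dest = backup_root / when.strftime(STAMP)
    shutil.copytree(source, dest)
    return dest


def list_snapshots(backup_root: Path) -> List[Tuple[datetime, Path]]:
    """Return (timestamp, path) pairs for every snapshot, oldest first."""
    found = []
    for entry in backup_root.iterdir():
        try:
            found.append((datetime.strptime(entry.name, STAMP), entry))
        except ValueError:
            continue  # not a snapshot directory; ignore it
    return sorted(found)


def prune_snapshots(backup_root: Path, keep_days: int, now: datetime) -> List[Path]:
    """Delete snapshots older than keep_days and return the deleted paths."""
    cutoff = now - timedelta(days=keep_days)
    removed = []
    for stamp, path in list_snapshots(backup_root):
        if stamp < cutoff:
            shutil.rmtree(path)
            removed.append(path)
    return removed


def latest_snapshot_before(backup_root: Path, cutoff: datetime) -> Optional[Path]:
    """Newest snapshot taken strictly before cutoff (for example the time the
    ransom notice appeared), or None if there is none."""
    candidates = [p for stamp, p in list_snapshots(backup_root) if stamp < cutoff]
    return candidates[-1] if candidates else None


def restore_snapshot(snapshot: Path, target: Path) -> None:
    """Replace the live folder with the contents of the chosen snapshot."""
    if target.exists():
        shutil.rmtree(target)
    shutil.copytree(snapshot, target)


def demo() -> dict:
    """Three days of backups, then a roll-back; returns values a test can check."""
    work = Path(tempfile.mkdtemp())
    data, backups = work / "data", work / "backups"
    data.mkdir()
    backups.mkdir()
    day1 = datetime(2013, 10, 9, 18, 0)
    # Constructed sample file standing in for the customer's documents.
    (data / "invoices.txt").write_text("invoice 1001: paid\n")
    take_snapshot(data, backups, day1)
    (data / "invoices.txt").write_text("invoice 1001: paid\ninvoice 1002: due\n")
    take_snapshot(data, backups, day1 + timedelta(days=1))
    # Day 3: simulate the file becoming unreadable (overwritten with junk bytes).
    (data / "invoices.txt").write_bytes(os.urandom(32))
    noticed = day1 + timedelta(days=2, hours=1)
    take_snapshot(data, backups, noticed)  # a same-day backup only copies the damage
    good = latest_snapshot_before(backups, noticed)  # the day-2 snapshot
    restore_snapshot(good, data)
    pruned = prune_snapshots(backups, keep_days=2, now=noticed)  # drops the day-1 copy
    result = {
        "restored_from": good.name,
        "restored_text": (data / "invoices.txt").read_text(),
        "snapshots_left": len(list_snapshots(backups)),
        "pruned": len(pruned),
    }
    shutil.rmtree(work)
    return result


if __name__ == "__main__":
    print(demo())
```

Two design points matter in practice. Retention has to be long enough to cover the gap between infection and discovery, which is why the day-3 snapshot in the demo is useless and the day-2 one is what saves the data. And since the column notes that the ransomware also reaches network files, the snapshot store should not be writable from the everyday PC, or it will be encrypted along with everything else.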

Future Byte Me topics can be emailed to [email protected] and Bruce is contactable at Kerr Solutions, 205 Musgrave Street or on 49 222 400.

For more advice and assistance from Kerr Solutions, like and follow us on Facebook