Man-day Post: The Internet Is A Bad Neighborhood- Meet the Cryptowall Virus

In Man-day by Jensguy (19 Comments)

It is time to wake up to the new reality of the internet. It can be a very dangerous place.

I am an IT guy, and I am really, really good at what I do.  This week I saw something that shook me.

Meet the Cryptowall virus.  It will launch on your system and encrypt most of your files with very strong encryption, then charge you a ransom for the “key” that will allow those files to be usable again.

Here are the really scary things about this virus:

1.  If your files are encrypted, they cannot be decrypted without help from the hackers.  A brute force password hack would take almost 7 years of uninterrupted work to do this.  There aren’t any magical Hollywood hacker shortcuts that some genius can give you.  You are stuck.

2.  The price they charge you is $500.  If you do not act in 48 hours, the price goes up to $1000.  The thing is that even if you pay the ransom, there is no guarantee the “fix” will work.  These people are criminals; they do not have a tech support line.

3.  The virus was invisible to every virus protection product I threw at it, even though it was obvious that the computer was infected.  That means it is unlikely that whatever you are using on your machine right now would be able to stop it.

4.  The people making this virus are pros.  They have “fixed” many of the workarounds that someone like me would use to help their victims.  Even the latest information I could gather about Cryptowall, which was only 3 weeks old, was outdated as to how the virus worked.

5.  This means that the virus is nearly invisible and mutates weekly to stop people like me from fixing it.

6.  It will also attack your backups, even an online solution like Dropbox.  It is Really, REALLY bad. For the record, I was able to use other methods to get the client’s data back even after it had attacked their backups.  But I was very, very fortunate.  And, just like after Apollo Creed defeated Rocky in the first Rocky (spoiler alert), after my battle with Cryptowall I concluded that there “Ain’t going to be no rematch!”

So to stop this from happening to you, you will need to plug some holes in your security.  Fortunately I found an application from Foolish IT that does this for you.  Go to the CryptoPrevent download site and get the free version for starters (scroll all the way to the bottom).  If you can spare the cash, get the paid version, as these folks have done a lot of good work.  For the free version, mark that you do not have a code, you aren’t yet interested in a code, and you want the default protection.

Also, you need to be running backups.  Either spring for Carbonite or Mozy, or, if you have an external hard drive, Easeus Todo Backup will work really well (this version is free).  This is the point where, if any of what I am writing about sounds confusing, you will probably need to hire someone or bribe your techie friend or nephew to get this done for you.  But the message is that you NEED to get this DONE right away.   There is no more time to delay this. I have been battling computer viruses for years and this is the scariest one I have seen yet.

For the record, in the past year, the following companies have admitted to large-scale hacking:

Neiman Marcus
UPS
Goodwill
P.F. Chang’s
Sally’s Beauty Supply
Michaels
Home Depot
Target
and, as of a couple of days ago, Jimmy John’s.

That means that if you did business with these stores, it is possible that someone was able to obtain your financial and customer information.  You need to check with your bank to make sure that you have fraud protection on any card or checking account that you are using.  Just as important, you need to realize that these companies have full IT staffs employed to stop these types of things from happening, people who live, eat, and breathe this stuff.  They failed.

The time has come to start taking this stuff seriously.

Jensguy

Comments

    1. Yep, I’m normally pretty cocky when it comes to stuff like this because generally the viruses I see are made by amateurs and are pretty easy to bypass. This was made by professionals in every aspect who are truly despicable individuals. I suspect this is going to get more prevalent as we move forward. This is why I am suggesting that we all become more security conscious.

    1. The two most common ways would be an email, probably from someone you know, with a heading like, “Here is that fax I tried to send you. . .” or actually infecting a website (or blog) with the virus and having it infect the visitors. Remember how a couple weeks ago I shared that people were trying to hack your blog? Dropping something like this in your site to infect your users would be one of the possible reasons.

  1. I’d like to know too if it’s something you do or just by surfing the internet randomly. I usually use my sound judgement and do not go to suspicious site/click on random links thrown at me and triple check every supposed-to-be-official email but this sounds scary. I’ll definitely look into this!
    Ana Lynn recently posted: Fun Fall Activities For Kids

  2. Ana, indeed not going places that will be trouble is a great strategy, but as I mentioned in the comment above, they will send the files from people you supposedly know, or infect a website that you often visit and assume is safe. The people looking to infect your computer are a whole lot smarter and better prepared than they were over a year ago. Just make sure that you have versioned backups for a good start like any of the systems I recommended.

    1. Yeah, I’m glad I was able to help them too. It certainly helped my rep as a tech miracle worker. Most of that, however, is persistence and a little bit of luck.

  3. Okay JensGrimReaper, I mean JensGuy… this has me completely and totally freaked out. I do have a question though. Let’s say, a blogging friend has the virus, don’t I have to download it to get it? I’m a little confused. Do I have to click a link to get it? I want to check out that CryptoPrevent download site link but I’m too scared. LOL. Look what you’ve done to me!

    Another question… what about Macs and Chromebooks (that don’t have operating systems) are they safer?

    Ick, I feel sick. I’m ready to pack up and isolate myself on a farm in the middle of nowhere.

    Thanks in advance for this info… even though it completely freaks me out.
    Jennifer | The Deliberate Mom recently posted: I Can’t Forgive Her

    1. Do you have to download to get it? Yes, and no. It depends upon your security settings. Generally it would give you a prompt, but it wouldn’t be obvious. It would say something like “Java needs to update. yes/no?” rather than “potential computer-killing virus wants to access your machine, yes/no?” That is the problem with Microsoft security: you get asked so many questions, you become numb to what they are talking about. But, yeah, the viruses are getting better and more evil, and it will get a lot worse before it gets better.

      And as far as Macs or Linux not being able to get viruses: they can, it’s just that their market share isn’t worth the virus programmers’ time. Apple, however, just had iCloud hacked, which is almost mandatory on iPhone 5 and up. That is a much bigger deal than the scandalous photos that were released. Chromebooks use Linux, so they have an OS, and Linux is probably the most secure of the OSes just because its open source nature makes it easier to find and flush out the holes.

      The link I gave you is safe and the download is digitally signed so you should be OK with that.

      Sorry to scare anyone, but if people take a little bit of care up front, they can avoid A LOT of the problems people pay me to fix.

  4. Oh, that freaks me out. I never get particularly worried about viruses but that creeps me out. My question is how to tell if someone is hacking your site? I have never noticed any unusual activity (other than a ridiculous amount of comment spam: about 1000 per week, maybe more). I also have a daily backup service that I pay for but that is more because I am prone to fudging up something myself. Are there any hallmarks that your site is being used as a gateway?
    Rachel recently posted: Italian Breaded Pork Tenderloin with Smithfield All Natural Pork

    1. Just make sure you have your proper backups and don’t OK software or accept email attachments that are unfamiliar to you and you will be fine. It is just that people will read this and STILL not do those things. Those people feed my children...

    1. Just have a versioned backup with Carbonite or with the software program I linked and you will be fine. For extra protection, have a copy of your photos burned on a DVD and stored somewhere other than your home in case of something extreme like a flood or your house catching fire.

  5. This is timely, even though I’m just now reading it.

    I have been visiting the same blogs for years and have just noticed that I’m getting a lot of notices stating that “XYZ needs to be updated for you to have the best experience viewing this site.” Could it be valid? Yep. Could it be Crypto or some other such piece of nasty surprise? Yep.

    After the whole blacklist experience, I haven’t clicked Yes to update anything like that. I’ve simply exited out and typed in the blog address again and proceeded to read through the articles without receiving the error again. I’m probably doing more harm than good but I’m seriously gun shy nowadays.
    Sarah Nenni Daher recently posted: Easy Monster Wreath
