Man-day Post: The Internet Is A Bad Neighborhood - Meet the Cryptowall Virus

In Man-day by Jensguy

It is time to wake up to the new reality of the internet. It can be a very dangerous place.

I am an IT guy, and I am really, really good at what I do.  This week I saw something that shook me.

Meet the Cryptowall virus.  It will launch on your system and lock most of your files with very strong encryption, then charge you a ransom for the “key” that will make those files usable again.

Here are the really scary things about this virus:

1.  If your files are encrypted, they cannot be unencrypted without help from the hackers.  A brute force password hack would take almost 7 years of uninterrupted work to do this.  There aren’t any magical Hollywood hacker shortcuts that some genius can give you.  You are stuck.

2.  The price they charge you is $500.  If you do not act in 48 hours, the price goes up to $1000.  The thing is that even if you pay the ransom, there is no guarantee the “fix” will work.  These people are criminals; they do not have a tech support line.

3.  The virus was invisible to any virus protection software that I threw at it, even though it was obvious that the computer was infected.  That means it is unlikely that what you are using on your machine right now would even be able to stop it.

4.  The people that are making this virus are pros.  They have “fixed” many of the workarounds that someone like me would use to help their victims.  Even the latest information I could gather about the Cryptowall, which was only 3 weeks old, was outdated as to how the virus worked.

5.  This means that the virus is nearly invisible and mutates weekly to stop people like me from fixing it.

6.  It will also attack your backups, even an online solution like DropBox.  It is Really, REALLY bad. For the record, I was able to use other methods to get the client’s data back even after it had attacked their backups.  But I was very, very fortunate.  And, just like after Apollo Creed defeated Rocky in the first Rocky (spoiler alert), after my battle with the Cryptowall I concluded that there “Ain’t going to be no rematch!”

So to stop this from happening to you, you will need to plug some holes in your security.  Fortunately I found an application from Foolish IT that does this for you.  Go to the CryptoPrevent download site and get the free version for starters (scroll all of the way to the bottom.)  If you can spare the cash, get the paid version as these folk have done a lot of good work.  For the free version mark that you do not have a code, you aren’t yet interested in a code, and you want the default protection.

Also, you need to be running backups.  Either spring for Carbonite or Mozy, or if you have an external hard drive, Easeus Todo Backup will work really well (this version is free.)  At this point, if any of what I am writing about sounds confusing, you will probably need to hire someone or bribe your techie friend or nephew to get this done for you.  But the message is that you NEED to get this DONE right away.   There is no more time to delay this. I have been battling computer viruses for years and this is the scariest one I have seen yet.

For the record, in the past year, the following companies have admitted to large scale hacking:

Neiman Marcus

P.F. Chang’s

Sally’s Beauty Supply

Home Depot

Target

And, as of a couple of days ago, Jimmy Johns.

That means that if you did business with these stores, it is possible that someone was able to obtain your financial and customer information.  You need to check with your bank to make sure that you have fraud protection on any card or checking account that you are using.  Just as important, you need to realize that these companies have full IT staffs employed to stop these types of things from happening, people who live, eat, and breathe this stuff.  They failed.

The time has come to start taking this stuff seriously.