Malware holds you hostage: pay the ransom or lose your files forever


Wylie, TX (November 11, 2013)


As described by Wikipedia, CryptoLocker is a Trojan horse that surfaced in late 2013, a form of ransomware targeting computers running Microsoft Windows. It arrives disguised as a legitimate e-mail attachment; once run, the malware encrypts certain types of files on local and mounted network drives using RSA public-key cryptography (the file contents are encrypted with a per-file key that is in turn wrapped with the attacker's RSA public key), and the matching private key is held only on the malware's control servers. The malware then displays a message offering to decrypt the data if a payment is made by a stated deadline, and threatens to delete the private key, making recovery impossible, once that deadline passes. If the deadline is missed, the operators still offer decryption through an online service, at a significantly higher price.


Jay Ferguson, owner of the local IT company Just Call the IT Guy, explained: “Even though we can remove the CryptoLocker malware itself from any infected machine, we will never be able to break the encryption that surrounds the hijacked data. The calls that I have received from panicked businesses expected this would be a ‘typical’ clean-up and virus removal process, and were hoping that the message to pay the $300 ransom was a hoax. Unfortunately it is not a hoax, and removing the virus will in no way decrypt their files. The next step is to check what type of backups they have been using, as herein lies the key to whether they will have any files that can be restored or whether I have to advise them to pay the ransom.”


Ferguson went on to explain: “Depending on the backup process you use, there may be a chance to recover most if not all of the data that has been encrypted. Not all backups are equal, and this is where I find that many IT companies are not protecting their clients’ best interests by not offering backups that have versioning. Say for instance you back up your data three times a week or even nightly: a standard backup simply overwrites the last backup to include any new data. With a virus such as CryptoLocker it may take 3-4 days to surface while it has been silently gathering all your data. By the time you see the ransom note you may have already backed up the encrypted files over your last saved files, leaving nothing to restore. The difference with backups that use versioning is that each backup is a standalone version that has not been overwritten. While you may lose 2-3 days of your most recent data updates, you still have full access to everything that was backed up to that date. I only recommend that our clients use a cloud versioning backup program. In today’s world, data is the lifeblood of most companies, and those resources are constantly at risk.”
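The backup behaviour Ferguson describes, as an added example that is not part of the original article and not Just Call the IT Guy's tooling: a small Python simulation of an overwrite-only nightly backup next to a versioned one under a CryptoLocker-style timeline (clean backup on day 0, infection on day 1, nightly backups continuing for several nights before the ransom note is noticed). The sample files, the stand-in "encryption" (a keystream whose key is thrown away, not CryptoLocker's actual scheme) and the entropy threshold used to tell ciphertext from documents are constructed assumptions.

```python
"""Overwrite-only vs. versioned backups under a CryptoLocker-style timeline.

Constructed example: the files, the stand-in "encryption" and the entropy
threshold are assumptions made for illustration, not data from any incident.
"""
from __future__ import annotations

import hashlib
import math
import os
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample "documents" (repetition keeps their entropy low, as real text is).
CLEAN_FILES: dict[str, bytes] = {
    "invoices.xlsx": b"Invoice 1042: $300 due 2013-11-30\n" * 64,
    "notes.txt": b"Meeting notes, client call, follow up Monday.\n" * 48,
}


def fake_encrypt(data: bytes) -> bytes:
    """Stand-in for the malware's encryption (NOT CryptoLocker's real scheme).

    XORs the data with a SHA-256 counter-mode keystream whose key is discarded,
    which models the victim's position: high-entropy bytes and no key to undo them.
    """
    key = os.urandom(32)  # never stored; the only copy is "on the attacker's server"
    blocks = len(data) // 32 + 1
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the empirical byte distribution (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.0) -> bool:
    """Heuristic: ciphertext sits near 8 bits/byte; plain documents score far lower.
    Compressed archives also score high, so treat this as a triage signal, not proof."""
    return shannon_entropy(data) > threshold


@dataclass
class OverwriteBackup:
    """One copy per file; each run replaces whatever was backed up before."""
    store: dict[str, bytes] = field(default_factory=dict)

    def run(self, files: dict[str, bytes]) -> None:
        self.store.update(files)

    def restore(self) -> dict[str, bytes]:
        return dict(self.store)


@dataclass
class VersionedBackup:
    """Every run is kept as an immutable snapshot; nothing is overwritten."""
    snapshots: list[dict[str, bytes]] = field(default_factory=list)

    def run(self, files: dict[str, bytes]) -> None:
        self.snapshots.append(dict(files))

    def latest_clean(self) -> Optional[dict[str, bytes]]:
        """Newest snapshot in which no file looks encrypted, or None if all are suspect."""
        for snap in reversed(self.snapshots):
            if not any(looks_encrypted(blob) for blob in snap.values()):
                return dict(snap)
        return None


def simulate(nights_before_note: int = 3) -> tuple[dict[str, bytes], Optional[dict[str, bytes]]]:
    """Day 0: clean nightly backup. Day 1: the infection encrypts the live files.
    The nightly job keeps running for `nights_before_note` nights before the ransom
    note is noticed. Returns (overwrite-backup restore, best versioned restore)."""
    live = dict(CLEAN_FILES)
    overwrite, versioned = OverwriteBackup(), VersionedBackup()
    overwrite.run(live)
    versioned.run(live)
    live = {name: fake_encrypt(blob) for name, blob in live.items()}  # day 1: infection
    for _ in range(nights_before_note):  # the job happily backs up ciphertext
        overwrite.run(live)
        versioned.run(live)
    return overwrite.restore(), versioned.latest_clean()


if __name__ == "__main__":
    from_overwrite, from_versioned = simulate()
    for name in CLEAN_FILES:
        ow = "ciphertext" if looks_encrypted(from_overwrite[name]) else "clean data"
        vb = "clean data" if from_versioned and from_versioned[name] == CLEAN_FILES[name] else "nothing usable"
        print(f"{name}: overwrite backup restores {ow}; versioned backup restores {vb}")
```

The entropy check is the practical step the quote leaves implicit: a restore job should not just pick the newest snapshot but the newest one whose contents still look like documents, and the same check run against a backup target every night gives early warning that encrypted files are being backed up before the ransom note appears.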


Ferguson continued: “To further minimize your overall risk, make sure you do not open attachments from unknown sources. Be smart: if you weren’t expecting a package or delivery from the source that sent you an e-mail, then it is likely a virus; delete it.”



Just Call the I.T. Guy

Local Office
Wylie, TX 75098