Some good news has recently been released regarding the CryptoLocker ransomware virus.  The CryptoLocker virus has infected over 200,000 systems and generated $27 million in ransom payments from desperate people hoping to get their data back since it was released last September.  Authorities have finally identified Russian hacker Evgeniy Mikhaylovich Bogachev as the mastermind behind both the CryptoLocker virus as well as the Gameover Zues virus, which specialized in stealing banking information as well as a channel for further infection with the CryptoLocker virus.

Unfortunately, due to the Russian policy that doesn’t allow accused criminals to be extradited to other countries, Bogachev is free for the time being.  It is expected that he will regroup and launch new botnets in the coming weeks.

Additionally, cyber experts are now finding knock offs of the Cyrptolocker virus.  While the encryption is not as strong as the original Cryptolocker, it is still very dangerous and at this time, the encryption cannot be broken.

Even if the ring leaders of this scam are arrested, it is not likely that this will just go away.  We can expect this to be an ongoing issue for quite some time.  Here are a few things that can be done to prevent disaster:

1) Make sure you have proper backups and a disaster recovery plan.  Having a backup that is checked regularly is extremely important.  It is also key that your backup system include file versioning.  Cryptolocker feeds off of individuals and businesses that have only one version of their critical data.  It is strongly recommended to make sure your backups keep at least 3 versions of each file.

2) If you think you have the CryptoLocker virus, turn off your computer and disconnect it from the network immediately.  While the data on your computer is likely already encrypted, by detaching it from the rest of the network, you stop the possibility of the virus to spread throughout the office.  The only thing worse than getting the CryptoLocker virus on your computer is getting it on all of the comptuers in the office.

3) Never open an attachment from a sender you don’t recognize.  The majority of CryptoLocker infections come in through email attachments.  If you do not recognize the person that sent you an email with an attachment, DO NOT open it.  If you are unsure whether the email is legitimate or not, give the person a call if you have their phone number to verify that they actually sent the email.  Always better to be safe than sorry.

If you think your computer has the CryptoLocker virus, please call our office at (516) 665-9313  and we will provide you with any assistance we can.  While the best option is always to have the proper policies and procedures in place beforehand, we will be happy to help get you up and running again if you experience a CryptoLocker emergency.