Right Click Computer Solutions has dealt with several clients over the last few weeks who have been infected with the CryptoWall ransomware trojan virus,  It is very similar to the CryptoLocker Trojan that came out about a year ago in that the virus will encrypt all files on your computer as well as all network shares that are mapped on the computer.  Files that the CryptoWall trojan will encrypt include Word documents, Excel spreadsheets, PowerPoints, PDFs, pictures, etc.  The encrypted files are unbreakable and rendered completely useless unless your pay the “Ransom” for the decryption key, which is typically anywhere from $500-$1500.  Typically the CryptoWall trojan is downloaded through an attachment in an email, usually through a hacked email account of someone you know or an email from a well known company such as a UPS tracking number or a Xerox scanned document.

In order to restore files, you have the option of paying the ransom to download the decryption software, which is essentially paying the criminals to give you access back to YOUR files.  Keep in mind that even if you pay the ransom this does not guarantee that you will be able to get your files restored.  Something can go wrong and it’s not like you can call into the support line for these criminals and ask for help restoring your files.  If you decide to pay the ransom and get your files back, consider yourself lucky.  If you pay and the decryption software doesn’t work, you’re out whatever you paid for the ransom and you still don’t have access to any of your files.

Alternatively, if you have a proper backup, you can restore files from your backup (as long as they are not backed up to an external hard drive that is connected directly to your computer…CryptoWall will encrypt these files too).  It is imperative that your backup solution gives you the option of file versioning and snapshots, as your most recent backup will likely have a copy of the files in their encrypted state.  If you are unsure if your backup solution will keep you protected against the CryptoWall trojan, feel free to call our office and we will be glad to assist you.

What can you do to keep the CryptoWall trojan out of your network?

The CryptoWall trojan is currently going undetected through the majority of antiviruses.  Implementing a good network level firewall will certainly help keep CryptoWall out, but even a good firewall does not guarantee that it will be blocked from entering your network.

The best thing to do to ensure that you are kept safe from the Cryptowall trojan is to make sure you are 100% positive that you trust any attachment or link that is sent in an email.  Almost all known instances of CryptoWall have been downloaded through hacked email accounts, so unless you are certain you trust the attachment or link, DO NOT CLICK IT.  If you find an email suspicious, the best thing to do is call the person who sent you the email and ask them to verify that what was sent to you is legitimate.  Alternatively, you can respond to the email and ask the sender to verify the validity before opening anything.  If you don’t know the person that sent the email, do not click any links or open any attachments, just delete the email immediately.

While there is no foolproof way to keep yourself protected from CryptoWall, some caution and good judgement will go a long way in making sure that you don’t get infected.  Additionally, this is great opportunity to look into backups and a disaster recovery solution to ensure that your companies data is protected in this ever changing (and sometimes malicious) world of technology.

If you have questions about keeping yourself protected from CryptoWall or would like to speak with us about having a proper backup disaster recovery implemented into your business, please call our office at (516) 665-9313 and we will be glad to help you.