Following our story yesterday about a computer scam, we have received the following which may be of interest:
A customer of mine has sent me a link to your item on CryptoLocker, 'Computer Scam Alert'. There are a few things I think should be corrected to avoid confusion about this threat:
1. It doesn't render the PC unrecoverable – it's actually pretty specific in its attack and only encrypts certain file types. These are currently 'business' related files such as .docx and .xlsx; it doesn't encrypt image files, which home users tend to have a lot of.
This is likely to be related to two things – business users have potentially more valuable files they will pay to recover, and people tend to have LOTS of image files, which would take extra time to encrypt, especially as they now tend to be several meg each.
It's known that CryptoLocker scans and compiles a list of target files before the encryption process begins. As the actual encryption process requires stealth to complete, it's vital that the malware completes this as soon as possible. Once the files are encrypted, the ransomware reveals itself. Adding images to the list of files to encrypt would make the malware vulnerable to detection before it's completed its encryption.
2. The actual malware is trivial to remove – but it knows that the files it attacks cannot be decrypted without an external key and the program. So it's not crucial for it to defend itself in the way some malware does. Essentially, if you remove the malware itself, you will never be able to decrypt your files.
3. If you pay the ransom the files are decrypted; this malware is designed to make money, and the best way for that to work is that it keeps its side of the 'bargain' and decrypts as promised.
4. Conventional anti-virus software applications are powerless to prevent infection – but it can be stopped. There is a tool that will block CryptoLocker and prevent it from running; this tool can also prevent other malware.
5. So called 'drive-by' infections are normally caused by outdated versions of Java. This isn't actually essential and can be totally uninstalled, but for a better and more secure Web experience older versions should be removed and the latest version installed.
Note that versions prior to Version 6 Update 20 added to, rather than replaced and updated, the Java versions installed, so a lot of computers will have several versions installed; this can be as many as 20 on some of the computers I've fixed.
The main reason Java updates are released is to fix security holes, rather than to add new features.
6. System Restore is NOT a valid malware removal method and will often cause more problems than it fixes. I would not suggest to people that they try it, but there are methods that the 'casual' computer user can easily use that won't potentially make things worse. As this malware only damages specific file types the use of System Restore is not necessary anyway.
If you want to expand on this then give me a ring; I can easily show you the tool and why it works. I've seen this malware first hand as several customers have been infected with it, so it's important to give people precise and clear information about this new kind of threat.
I'm actually really good at removing infections and can remove all malware without data loss or the need to reinstall Windows, but this CryptoLocker is a new direction for malware. It's trivial to remove, but the data it attacks is lost unless the ransom is paid.
I would, of course, advise never to pay. A regular backup of important files that's kept offline renders CryptoLocker impotent anyway, so simply copying data onto a couple of memory sticks that are kept in a drawer solves this.
Nic Bunting Computers