Newest computer malware scarier than Halloween

By Robb Hicken/ BBB’s chief storyteller

Scary malware may be coming to your computer. This one is more terrifying than any virus before. This super scary malware infection is making the rounds: a type of ransomware known as Cryptolocker.

Unlike the FBI ransomware that locks your computer and demands money to unlock it, Cryptolocker leaves your computer operational – kind of. Your computer programs will continue to run, but Cryptolocker encrypts all your files.

The malware spreads through email phishing attachments (don’t click attachments in suspicious emails!) or botnets (if you don’t have antivirus software or haven’t kept it updated, your computer could be part of a network of hacked computers known as a botnet that criminals can use for all kinds of illicit activities).

While it locks up your files, the files exist, but they can’t be opened. That’s right. Any folder containing information is suddenly inaccessible unless you pay. The crooks are demanding $300 to give you a “key” to unlock your files. They are also asking for two Bitcoins, an online/digital currency. (Current exchange rate equals about $280).

You don’t want to get this one. If you pay, you may get the key. If you don’t, you may lose all your files.

People are paying the bad guys to get access to their data, and get a key. But remember, when you do this it will help them make meaner and more effective malware. These people are criminals. All they want is your money, so you may or may not get access to your files again.

The best defense in any of this is a cold storage back up – you can kill the malware and restore your files. By saving your files offsite,

Cryptolocker and what it can do is described in more detail on our blog: We’ll have a link there.

BBB offers the following advice to keep from being hit by Cryptolocker or similar malware infections:

  • Back up your files through ‘cold storage’. If you have a clean backup that the malware can’t reach, you can get your files back. If you back up your files with an external hard drive, don’t plug it into your computer unless you’re backing up. You can also pay for an online back-up service, but make sure the service isn’t mapped as a network drive or the files could still be affected.
  • Keep your operating system is updated. Updates often include added security protections. That also goes for browsers and add-ons like Java and Adobe Flash.
  • Use anti-virus software. Download reputable anti-virus software if you don’t have it already and keep it updated.
  • Use the cloud. Upload photos and other treasured files to services like Flickr or Picasa.
  • Use a filtered email service. Web-based email services like Google Mail block spam and will not allow you to receive or send email attachments with executable files in them.
  • Be careful what you click. Porn sites are common sources of malware, as are links sent by unfamiliar people through social media such as Twitter.


Filed under News You Can Trust

7 responses to “Newest computer malware scarier than Halloween

  1. Mark Burrows

    Actually, these days, it’s just as inexpensive to buy a used computer dirt cheap, and add an external drive for storage. Never under any circumstance hook this computer up to the internet. This is strictly for backing up all your data files and nothing that is email or site associated. When transferring data from your working computer to your storage computer make sure you disconnect the internet. Also to be safe, make sure your storage computer has current antivirus software programs. It will be a little tricky to update them without connecting your storage computer to the internet but it can be done.
    For example, I use Norton, which I purchase each year. I pay a little extra for use on multiple machines I own. So to put updates on non internet machines, I go directly to Norton’s site and download a complete copy which I am allowed to do because they have a record of my purchase and I can match the required information and security code. Then I must uninstall the existing program from non internet computer and reload the complete copy with the updates.
    How often you do this will only be relevant to how often you feel it is necessary to back up your user computer to your storage computer.
    The reason I suggest using a complete computer rather than just a storage external drive or online drives is the fact that your initial computer has been compromised, you really don’t have any idea what other creepy crawly bots have been attached to this malware and that it can leave all kinds of critters dormant in your registry.
    Personally, I can only wish I get chosen as one their targets. I have a few nasty reversal viral bombs in my arsenal that have never been used but others of their type have. It is a fight fire with fire project, and no. I can not share or give out copies or further information because beyond a doubt it will end up in criminal hands and abused, instead of being used to track them, freeze their systems so they can be apprehended and brought to justice. They can scream entrapment all they wish, but I am not a member of any law enforcement, I am not paid by an law enforcement or government agency. I simply point them in the right direction. They know enough not to look a gift horse in the mouth. Also, they know who I am and recognize all of my other efforts to bring a sensibility to protecting the concerns of consumers using the internet as well as trying to appeal to economical balance between low income which is embarrassingly below both the cost of living and the poverty, and the demands of the over wealthy capitalists, who are blind to the fact that they are obsessed with having more money and power than they need, they have pretty much tapped out the resource of their wealth. When they discover their business taking a nose dive and the horror of the thought that they might have to make a choice of spending their own personal money to survive scares them deeply. Fact,there are more personal assets sitting around in foreign bank accounts doing basically nothing, that it could put a sizable dent in the National Debt. Then on the other hand, The National Debt is a meaningless number and a federal scare tactic to make them look woefully broke. There is your biggest scam, and it is a global one.

    Mark Burrows

    • This is an excellent point. By keeping your information secure in an offline site you’re protected from most “lock up” malware.

    • Of a lot of responses I have read about these things, I liked yours and rank it very high. I too am a victim of an unknown, unnamed, unrecognized stealth like hijacking, parasitic infection, impersonation attack, etc. (or so I assume). People cannot realize how devastating this is, even with back up. Six months have passed and no one will either help (cuz all they want is money), figure it out, assist in reviewing captured data. You really r screwed, more so if you have not backed up your stuff. The stress and aggravation b/c of this just might put you under, really. I have lost all personal data, other people’s personal data, all files, everything. I have been literally taken over by an unknown remoter/keylogger and freaking thief. The 100’s of hours spend in reviewing and researching and telephone calls (all useless to BitDefender, MS, ISP, etc.). Before I almost gave up (I will not let this go), I had to involve law enforcement for MY PROTECTION. The maliciousness of others — saw fake profiles being set up under my name under different browsers with fake histories, etc. left me w/ no choice. Education here? Trust nothing you ever ever see, ever. Even after alleged “clean reinstall” it/they are back. I am not taking another hit here. Further education: police found so many encrypted files and “anti forensic” (computer) files it was crazy. Now, I am simply just pissed and will not give up this hunt. This crap I have seen so far is so sophisticated, it almost looks like a Snowden prophecy. I don’t have an education in CS, which makes it worse. Yet, what I have found so far, I already had a hunch on previously. Your advice is pretty much well grounded. Saw an article about CIA director saying last year that CIA/NSA can spy on anyone through their dishwasher was enlightening at best. If they can do it, so can others. My OS is Windows and boy oh boy, do I wish I had an Apple. PS, after this EPISODE, I will not store anything on my phone. That is even worse w/ all the permission requests and warnings — it is NOT WORTH IT. BTW – no official software, spyware, virus, malware (all anti of course), did not catch this MF. Beware.

  2. Mark Burrows

    As a result of the letter I wrote, I went out to price a storage computer, I had not done so, and have enough. Well, of course when I find deals, I don’t pass them up. I found a nice Toshiba Satellite laptop that was about four years old in a shop that specializes in used and repairing laptops. Since I am a customer in good standing, he had it priced for a hundred dollars, but he let me have it for eighty. Then I popped over to a store that had external drives on sale and picked up a 500 GB Western Digital drive for fifty dollars. So, for an investment of only one hundred and thirty dollars I have another computer system that I can not only use as storage computer, but it still is not bad as a remote system, or I just might spruce up the memory, tweek up the operating system and give it away to someone in my community who has need of a computer and can’t afford one.
    Uh, please, no requests here, I don’t live in your area, and instinct would tell me, that if you are asking for one, I would be curious to know to inquire if you didn’t already have a computer. Yes, yes, I know all the excuses, I only use internet cafes. Answer, well if you are so poor how does one afford to use internet cafes. Uh…..I sweep up and they give me free time. Oh, I see, then if you did have a computer, how does one afford internet service? Oh, I will just hang around places where it is free.
    This is all very amusing, but genuine people who need help have more pride and never dance around issues. They do not beg or make excuses to get anything, and are deeply and sincerely grateful when they get it and highly treasure what they receive.
    You want to find good deals and opportunity? Then get out there and look for them. Don’t try to take them from people who have already done the legwork. You see, that is the basic root of any con artist. Find a way to take without spending money. Yes, somewhere a con artist or a scam artist did do a great deal of work and put a lot of thought into their scheme, but the ironic thing, is their concepts are quickly stolen or copied by the lesser enthusiastic and lazy operators. The real geniuses of a con only get one crack at it if they are lucky, but more often than not their plans leak in the crime world and amateurs will be pulling the job before they blink their eyes.
    Now you know why scams, cons, shams, and all the nasty computer related incidents including viruses, adware, malware, bot bombs, and spyware is a world wide epidemic.
    It is up to us as consumers to learn ways to police the internet and defend ourselves. The sad part is it has become such an epidemic it has created too much paranoia to the point that our own freedoms and rights to privacy are being threatened by political intervention, going against the agendas of the constitutions and declarations of what makes free nations what they are.
    We need to stop this roller coaster. The governments and law officials should not have the ability to exchange our given rights to laws and policies that allows them to snoop around.
    Fine, if they have probable cause and reasoning, they are more than welcome to knock on my door with a written warrant by a judge to look at anything in my possession. If they do not find anything that is incrimination in the eyes of the law, then I should also have the right to take legal action against the aggressor of my accuser. Fair play. Not even the law should be beyond the law.
    I will always advocate, fight, and defend the consumer and end user. Both the terms consumer and end user have been abused and redefined to have other meanings.
    Let me be clear. Consumers are the purchasing public they are the ones seeking information on what is of fair value, fair quality, and fair cost. The end user is the consumer that has made the jump to make the purchase or acquiring a service. End users have a responsibility to report to the consumers either their satisfaction or disdain, but please, not through the manufacture’s site or distribution affiliates.
    For services or business behavior this is where The Better Business Bureau aka BBB comes into play. They are the go to guys for such concerns.
    Still my concern is that from what has become of overall attitudes, I fear that BBB hears more on the complaint side and less on the approval side. So please, contact your local BBB and let them know of any praise you wish to shower on a business, more important, the why and the circumstance. This is what community building is all about. This is why local business put that BBB sticker in the window and wear it like a badge of honor.
    I know I am a pain in the butt when I notice new businesses moving into older premises that still have the sticker in the window and I go in and offer to remove it for them and they tell me to get lost. I let the BBB know and they make sure it is removed. What can I say? If they tell me to get lost, it certainly was not a smile and a statement saying they have already been recognized by the BBB in a previous location. As I said, it is a matter of pride and attitude.
    Same thing in self protection using the internet, it is matter of pride, and you can only get that pride by educating yourself with knowledge and tools to protect yourself and your interests. With that pride comes confidence and desire to learn more and eventually, you will have absolutely zero trace of paranoia and can recognize red flags at a glance.

    Mark Burrows

  3. I have to respond to Mark’s last reply, kudos again. However, one should never put that much pressure on one’s self into the education part, as if failure occurs b/c of some one else, guilt and all that psychological stuff follows. Even after my 7 months and counting extreme distress (oh, ps “whoever” was able to control the landline communications as well), one of the few things I learned was to forgive myself. All the money in the world cannot buy the best software for anti-anything. Hell, I did not know that there even was “anti-computer forensic barred type of software.” In closing, BE OLD SCHOOL!!! Yes you read it right, DO NOT PUT YOUR FINANCIAL ANYTHING ON THE NET NOR CONDUCT ONLINE TRANSACTIONS WITH VISIBLE INFO. Hey, did you know if someone wipes out your bank account vis a vis cyber theft, YOU ARE NOT COVERED BY THE FDIC. YEAH, that’s right. You will be left destitute with no chance of recovery. That’s the short version, again, BEWARE.

    • Mark Burrows

      As it is, most financial institutes will offer encrypted protection specifically crafted for them by a major software manufacture, and will either include it with your account plan or sell it at a reasonable price. You can also go into your firewall and click off all of your in coming traffic except for the site you are using, for added protection. There are all kinds of such small security chores that will deter any online snooping.

      Mark Burrows

  4. Mark Burrows

    And to add to my concept, I just had a doctors appointment. When I enter the good doctor’s office he has the look of confusion while poking and stabbing at the screen of a laptop I’ve never seen in his office before. Recognizing his situation, I said, “Ah, got yourself one of those touch screen Window 8 jobs.” He looked surprised because there was no Windows Logo displayed. “How do you know?” he asked. “Because you look clueless and lost like most people using Windows 8.” He said he had no choice, He needed a computer in his office because they were updating the whole medical file and data structure to a Cloud system. That all the paperwork would be gone, and at his fingertips. “Yeah, right, you can’t even find my file.” He sighed and shrugged his shoulders.
    So I asked what operating system does he have on his home computer, and he said he was sure it was XP because that is what came up when he turned it on. I asked if he was comfortable with XP. He said he loved it. Then I told him to get on with the purpose I came in. Once that was done. I asked if he would stay after the office closed and I would come back.
    When I returned, I had the Toshiba, which I loaded up with an OEM Windows XP, the half gigabyte drive I bought and another Dell laptop with XP. I told him that as amazing as Cloud technology is, it still has it’s share of bugs and is far from being bulletproof from hackers as they claim. Not only that, it’s an internet system, anyone knows, it craps out from time to time. He needs to have a separate non internet backup device. His records are his trade, leaving it to the Cloud gods is too risky.
    I helped him set it up, of course I didn’t sit around and monitor the transfer of data, I just wrote down instructions and he could call if he did run into a jam. He stopped and said, “Wait, I didn’t ask for this, how much is this going to cost me?”
    I thought, then I said, “Basically I have about two hundred dollars out of pocket. Tell me what you paid for that laptop with Windows 8 and I’ll give you the difference and take it off your hands.”
    He decided he would have none of that and ordered me to wipe that Windows 8 laptop clean of everything on it and remove it from his sight as he never wishes to see it again. Done deal.
    Now I have a new laptop that I think I will put a Linux OS on and play around with.
    This is why I always preach. learn everything you can about how computers work, and the ins and outs of the internet. Self education alone is reward enough, but being able to pitch in and help here and there in your community just puts you at a higher level of elation.
    I did not seek to profit from that situation, I even offered to pay the difference in out of pocket money. The thing is my doctor saw a service and well we do have a friendship as peers, he was grateful for what I did and I also put him back into a comfort zone of XP.
    Mark Burrows

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s