How to catch crypto locker seems to be the million dollar question. It is sneaky and well disguised. The Crypto Locker virus is often sent as an attachment to an email. Federal Express, DHL, UPS, etc. may appear to be the sender. It’s actually a phishing scheme and the file looks like a legitimate PDF document. It is actually a program that installs Crypto Locker. It could also come from clicking a malicious link in the email or on a Website or via a known vulnerability in older versions of Java or Adobe Reader.

I Think I May Have The Virus

If you think you have the Crypto Locker infection:

  1. UNPLUG the Ethernet cable from your computer (the cable with the connector that looks like an oversize telephone cord plug) – the encryption process needs on an internet connection
    to acquire it’s encryption key.
  2. If you are unable to unplug the Ethernet cable, close all of your programs and then press and hold the power button on your computer until the screen goes black. This takes 20 or 30 seconds.
  3. If steps 1 and 2 fail pull out the power cord.
  4. CALL FOR SUPPORT IMMEDIATELY – do not attempt to continue working on your computer – the longer you wait, the easier it is for infections to embed.

If you have received a pop-up it may be too late to to repair the documents yourself. You will have the option to pay the fine within 96 hours. The hacker will send the necessary code to remove the infection. Even if you do pay the fine you may not retrieve all the documents, and the key may not work. Remember…we are dealing with criminals. Do not remove the ransomware if you wish to pay the fine. If you do the documents can not be repaired.

The better option is to remove the virus (see the references below). Then restore the latest clean backup. Backup programs that just keep current copies of your files will overwrite the good files with the damaged ones. Carbonite, Dropbox, Mosey and Google Drive are examples of this. Keep in mind that following HIPAA best practices you shouldn’t be using some of these to store ePHI.

How do I prevent the infection?

Best practices for preventing malware infections, include the following:

  • Keep your virus definitions current.
  • Periodic scanning for viruses.
  • Install updates to your operating system and programs
  • Be very careful about opening attachments to emails.
  • Avoid questionable websites.

No matter how diligent you are, one may still slip past your anti-virus program. Your antivirus cannot control the users and what they click on. The most important thing is to backup and archive your data.

Test your backups on a regular basis. (also a HIPAA requirement).