It's been six months since I've written a journal post, sorry about that - I've been pretty busy!
But, onto more important matters, I wanted to take a moment to warn you all about Cryptoware/CryptoLocker.
I was hit with it out of the blue just last month and, for awhile, I had been going around in circles trying to figure out what it is, if there's a way to fix it, or how to prevent it.
It's been hell, it really sucks and I can't emphasize that enough!
**I'm going to talk about how it affected me and I'll give you some basic tips on what to do to help yourself, but if you'd like to do some more thorough reading, you can check out Wikipedia and the articles from Geek Squad HERE and HERE.
If you have any additional questions, I strongly recommend you visit a Geek Squad unit in your area to help you!
+ . + . + .
CryptoLocker is another form of Ransomware, which is a program that sneakily installs onto your computer and holds it hostage in exchange for payment through Bitcoin. However, unlike most other malware/ransomware junk, CryptoLocker CAN'T be removed through a system restore (picking a restore point on your PC and having junk files erased and reset at an earlier 'healthier' date).
Also, unlike other Ransomware, CryptoLocker encrypts all of the data on your PC.
And, even worse, at this point in time - there is NO fix/patch for it, yet.
If you get it, you're pretty much screwed.
CryptoLocker is designed so that it actually deletes the shadow copies of your data (the files that you'd still keep if you normally do a system restore, they'd be all gone) which prevents you from saving your data. What you have on there when CryptoLocker infects it is at risk.
**I'm still not a 100% sure how I got infected.
It's been said that CryptoLocker is disguised as a PDF file and placed in an e-mail.
I don't know if I contracted if from visiting a website, or if I got it from one of the small online stores I go to - or even from a friend, somehow.
Now, I'll explain how it manifested for me.
All I can recall, is that I was using the internet normally, up until very recently I visited a wig shop for cosplay wigs - wigsecret - which had always been fine for me in the past (But this was before CryptoLocker was invented back in early 2013/2014, so it wasn't as widespread, who knows?). I e-mailed them about a wig and got a response. The next day, everything started going wrong from there.
I kept getting a popup that said that it was a Microsoft Windows update but, oddly, the name in the publisher category was 'pulizia'.
(Later on, I did a google search on it and realized that it was bringing up sites in Italian and there were a lot of malware warnings)
At first, I tried to cancel out on the update and ignore it, but it kept popping up. Thinking that it was necessary, I clicked 'ok' and let it run. It ran, but it took nearly twenty minutes, then another popup came and said there was an error - a piece of the file was broken or missing.
I got a weird feeling about it, so I instantly did a system restore - because it usually works with spam, viruses/pop-ups - and by that point I was tired and it was late so I shut it down.
The next day that I woke up, I browsed the net like normal, for awhile...
I was trying to play my music, and none of the files worked.
The files were changed in such a way, the video/music players couldn't read them, so they didn't play.
I went to check on some of my documents, they were all encrypted - all zeroes, lines, and numbers.
I couldn't read them at all.
None of the videos I had worked either, and a number of my photos were broken, too.
The broken photos came up as blank when I tried to view them - but some were still view-able.
I freaked out, of course...
I did some looking around, and bit by bit it started making sense.
So, I know that the laptop is infected, and I lost pretty much everything.
I wouldn't be so upset if it wasn't for all the documents and photos, those can never be replaced!
Whatever was able to be salvaged has been moved into e-mail drafts, and I plan to - hopefully - get them moved onto my new laptop. I mean, it's possible that I could take the laptop in to Geek Squad to get it wiped, but I didn't trust it - so I got a new one, but it isn't up and running, yet.
The games I had on there, still worked, they weren't affected.
And, post-infection, I am able to write new documents and get new downloads - which means that only the stuff that was already on the PC before the CryptoLocker kicked in was in trouble, but NOT newer stuff. If that helps any?
I wish that I knew how it happened, but I doubt I'll ever know.
I'm not entirely sure how to prevent it in the future, but I've got some ideas that might help...
To help prevent being infected:
-I've been told that, because I was using Internet Explorer as my browser, that helped make my laptop more vulnerable. But, supposedly Mozilla Firefox and Google Chrome might do a better job at preventing Cryptoware attacks. Maybe?
I'll be switching browsers then, better safe than sorry.
-It's always a good idea to back up your data regularly!
All your precious stuff, photos, videos, music, and documents, if you want to keep it, you better make copies on thumb drives, external hard drives, or SD cards. Maybe do this process once or twice a month, depending on how much stuff you move/download, and make it a good habit.
-Only go onto websites you know and trust. The same goes for e-mails, too.
Don't even bother opening spam or junk mail, delete it immediately!
**I've heard on a video on Youtube that the virus can be read as something-something.pdf.exe.
But, there's a space between the pdf and exe parts of the title, but I don't really understand it.
If your PC is already infected:
-DON'T listen to the popups on your screen!
Upon infection, you'll be told to pay a ton of money to an anonymous website through bitcoin so you can get a code to unlock your computer files. Remember, they're scammers and thieves. There's no guarantee they'll even give you a code to fix it and there's less of a chance of it working little to nothing for you. So, please, don't try to bargain with them and 'buy' back your data!
**You'll know if you've been infected by CryptoLocker if you see internet icons (Internet Explorer or Google Chrome icons that work as links to a website) in various folders. You can try to delete them, but it's too late, it'll do no good.
-DON'T put anything into the computer!
If you realize that the PC is infected, don't put in thumb drives, external hard drives, or SD cards - anything with memory space.
You'll run the risk of the CryptoLocker hopping from the PC onto the device, and, you run the risk of it hopping from the device onto another computer!
**I've been told by a Geek Squad person that if I'm able to move things from my PC to a draft file in my e-mail, it should be pretty safe to move over, but I haven't tested it yet and I AM nervous, either way. Single files are okay to move this way, but not whole folders, because it's the folders that are infected.
-It's not recommended to try fixing the problem yourself, you could end up making it worse if you're not an expert.
There are some guides that say they can help, but none of them work on CryptoLocker 3.0, it's too new for a fix right now.
**Three options for you:
-You can hang onto the computer until a fix comes out to reverse the effects, but that could be YEARS into the future.
-You could try taking it to Geek Squad and pay them (I got an estimate and it's around $100-$200 to do the clean up job) to completely wipe the computer. Then, you'll need to re-install everything and start your computer from scratch.
Though, I'm not sure how effective it is.
-Toss the infected computer and buy a new one.
And I don't mean to scare anyone by saying all this, but hardly anyone is talking about it. Which, in hindsight, might be a good sign that this isn't very common for people.
Still, I think people need to know about this so that they can prepare themselves for it.
I'm hoping that an expert, or the FBI, can do something about this so that it reaches an end that much quicker...
Good luck out there!