Yesterday was one of the most stressful days I can remember for us at ClickIT computer repair.
A long-time customer, a lawyer in Chagrin, came to us on Monday with the Cryptolocker virus on her laptop. It is a really bad worm that gets into your system when you open up a deceptive attachment to an e-mail. It encrypts and locks your data, and then says the only way to get it unlocked is to pay them.
This malware is commonly known as “extortion-ware” or “Ransomware” and has been around for years, except that now they really DO hold you hostage. It’s the first virus of this type that we’ve only run into once before, but that’s because this strand is new. In this case, if she didn’t pay $300 in 72 hours, the encrypted data would be lost.
The first customer we saw this with didn’t care much about the data on that computer, so we just wiped out the virus, cleaned it up and restored it to working order – without the data which was wiped out by Cryptolocker. Our lawyer friend however was in a much different situation – the data on this laptop runs her entire business — and as she explained to me, if it was not recoverable, she “might as well close” her doors.
As a recently introduced virus, I myself had no experience with Cryptolocker, so I needed to do some research. Our technicians on the other hand, had already done research on Crytolocker when it came into the store that first time. They said it was “real”. They said it was a real threat and not a “fake” threat, like the FBI virus. In that case, we just clean the computer and it’s gone. Well, I dug up some articles and sure enough, it’s very real. The problem was, by the time we got the computer on Monday, valuable time had already slipped away, and we had just until 5 PM on Tuesday to get it taken care of.
We had to pay Cryptolocker $300 either by using Bitcoins or GreenDot, a prepaid debit card.
I got the call from a technician at ClickIT saying that the GreenDot card needs to be paid in cash ($300) and suggested I myself go to CVS where they’re sold. They require cash for the GreenDot debit card at the register. So I went to the bank, took out the cash and walked over to CVS in the Village. This was after I stopped by and saw the customer to personally assure her that I was taking this virus on as a personal mission.
Now getting to use a GreenDot card, after you’ve purchased it at the store, requires that you set up an account online, where you must give away all sorts of personal information, including your social security number. (I have a rule – never put your social security number in the hands of an online service you don’t personally know for certain is secure.) We found a volunteer who allowed us to use his personal information, because when we tried to give the GreenDot system fake information, this card’s website didn’t accept it. To make a long story short, this exercise of getting this card purchased and then registered online, took a good hour or two. It wasn’t pretty. Finally, we did get the debit card registered so we could use it, but when we were ready to unlock Cryptolocker, the GreenDot website told us that what we had was a “temporary” card and the real one would be mailed in three days. The temporary card could not be used for online purchases. We had spent $300 and all this time for nothing. Lesson learned.
The next alternative was to use bitcoins. Now if you don’t know about bitcoins you should. It is a digital means of trade that is a method to pay for things on the Internet. You trade bitcoins like any currency, online. You can learn more by going to http://bitcoin.org/en/.
The problem was, we didn’t have any bitcoins. We ended up spending the rest of the afternoon calling friends we knew who had them, while trying to register at sites that accepted credit cards for purchasing bitcoins. On both these fronts we failed. Anyone we knew who had bitcoins only had incremental amounts, not the $300 required. We needed to purchase 2 bitcoins for approximately $420, which was the going rate that fluctuates by the minute, depending on demand and supply – over $200 a piece now. All the while we were seeing the time tick down by Cryptolocker. The problem we found was that once we got registered at a new bitcoin marketplace site, which was an arduous task in itself, the site either wouldn’t allow us to use a credit card – only a bank account, and would not deposit any purchased bitcoins for 7 days. Crazy! The one site we did find which would let us purchase the bitcoins for use immediately didn’t have any bitcoins “in stock”, so that too was a dead-end. We learned through this exercise that the price of bitcoins was being bid up because of this virus.
Bottom line: We failed to meet the deadline set by Cryptolocker. We had about two hours left when we decided to implement plan B. Plan B was to wipe out the virus and recover what we could. We believed this process of cleaning the computer would lose about 3 weeks of data, best case.
Well today, after running all our tools, I will find out if we were able to recover as much of our customer’s data as we had hoped.
At ClickIT, I decided we would have on hand either bitcoins or a prepaid credit card, so that we would be able to use it in times of a ransonware emergency like this one. So if you are unfortunate and get this nasty, expensive virus, you can come to ClickIT in Chagrin Falls and if the data is as important as this customer’s was, then we would have the means to pay the ransom on your behalf.
The way you combat this particularly nasty (and potentially expensive) virus is to be sure you have a “detachable” back-up program in place. At ClickIT, we provide a drive-swap back-up, pick-up and delivery program for many merchants in the Village. I highly recommend this for every business. On-line back-up solutions will not prevent this virus from locking out your data because it’s “connected”. The best solution is ClickIT’s drive-swap program.
Call (440) 247-4998 to schedule an installation.
We’re giving a special discount to merchants in the Village of Chagrin Falls. (See http://bit.ly/1cptrR7.)
If you want to learn more about this malware Cryptolocker, I’ve listed some recent links below:
- Recent NBC Newscast Video: http://www.bing.com/videos/browse?mkt=en-us&vid=bc0ccc6d-312a-4c12-9278-6866b212f539&from=sharepermalink&src=v5:share:sharepermalink