Well, here we go again … the latest ransomware virus is out. It is called CryptoDefense, and is yet another virus that encrypts your documents (including pictures, music, QuickBooks files, etc.) and holds them hostage. The virus itself is not difficult to get rid of; most malware scanners and anti-virus programs can detect and remove it. Malwarebytes is the preferred removal tool. The problem is that there are only three options for recovering your data: option 1 is to simply lose your data forever; option 2 is to pay the ransom (currently $500.00 worth of Bitcoin); and option 3 is to remove the virus from your system and restore your data from an unencrypted backup. Unfortunately, the virus turns off the Shadow Copy function of Windows when it installs, so only an external or online backup can restore your files. I cannot stress enough the importance of backing up your data!!! It is inexpensive and can save your irreplaceable personal or business data. Online backups with Carbonite have already saved two of my clients.
If you are unfortunate enough to contract the CryptoDefense virus, you should immediately do the following:
• Turn off your system and disconnect it from the network.
• Check the status of any and all backups of your data.
• Contact Frankenstein Computers for virus removal and data restoration.
Removing your system from the network is very important because, while the virus does not “creep” the network to install on other systems, it does “creep” the network for more documents and data to encrypt. The last client of ours to contract this virus not only had the PC files encrypted, but the virus tunneled through a network drive to the server, and encrypted the entire company repository of files. In the instances we have dealt with for our clients, the virus was contracted by clicking on a banner ad posted in an online email account (AOL and Gmail). Do NOT click on banner ads in your online email!!!
I hope this helps…