Wednesday, March 26, 2014

URGENT WARNING TO WINDOWS USERS AGAINST BLACKMAIL

A designer friend of mine has just been hit by a particularly nasty new phenomenon: ransomware. After innocently opening an email that apparently came from Her Majesty's Revenue & Customs (HMRC), the UK tax authorities, about his online tax return, he found that access to all of his files (including his accounts and PDFs of plans for clients) was impossible: none would open, because they had all been replaced by a new encrypted version.

He then received an email from CryptoLocker demanding $500 in bitcoins to unlock the files. Failure to pay within 24 hours would, he was told, result in destruction of all files.

My friend backs up his files onto an external drive but the backups were also inaccessible. 

As the day progressed, further emails arrived from CryptoLocker bringing the news that the price had now risen to $1200. After briefly considering paying the blackmailers, my friend contacted a local London company called Computer Angels who managed to recover the files (for £80) from previous backups, so the story ended well. 

But there are some very clear lessons for anyone using a computer...

  1. Back up everything, making sure that your backup system keeps all versions. The virus only encrypts the current version. Dropbox offers this service as one of its paid options. Ideally use Cloud-based backups. The Eastman's blog post below lists other options and includes some fascinating comments.
  2. Use a Mac or Linux computer and avoid Windows. The virus is currently unable to affect these systems. (I'm a Mac user.)




2 comments:

  1. Abandoning Windows is a bit drastic. I would make 2. never open email attachments unless you are certain where they came from and that they are safe, e.g. JPG or PDF and not ZIP, EXE.

    1. Very fair. I wasn't really suggesting that everyone abandon Windows. The real key lies in backing up properly. You're right of course about being careful what you open, but the risk of one of your team doing so (depending on the size of your organisation) is always there, especially when - as happened to my friend - it was a convincing-looking email.
