Virus ransoms business files

MATT RILKOFF
Last updated 16:47, December 12 2013

Two New Plymouth businesses have been hit by an aggressive computer virus encrypting their computer files and demanding a ransom if they want them back.

Called Cryptolocker, the trojan "ransomware" virus arrives as an attachment in a legitimate looking email. 

Once opened on one computer it encrypts all files, including those on shared networks, potentially crippling a company's computer system. 

"We've had a couple of businesses in town get it. It comes through on a zip file in an email. Some say there is a package waiting for you. Some emails seem to be from your phone voicemail service," Janko Computers service technician Gareth Evans said. 

Once opened the executable file encrypts everything on the computer.

Photos, word documents, spread sheets, music, video - nothing escapes.

 By the time people realise what it happening it is finished and it cannot be reversed, Mr Evans said.

 The computer user is then sent an email demanding payment of about $500 within 72 hours if they want the "key" to release their files. 

Fail to pay on time and the ransom increases.

Fail to pay altogether and the files will be locked forever.

Ad Feedback

It is this twist that makes it one of the most aggressive computer viruses yet seen.

However Mr Evans recommended against paying to get files back as it was not guaranteed the "kidnappers" would honour their side of the deal.

"Really your only hope is to have a really good back up. Businesses should be backing up their files at least once a day. Home computers should be backed up weekly," he said.

Once infected systems could then be wiped and reinstalled with minimal loss of data and time.

New Plymouth Police Senior Sergeant Thomas McIntyre said a police department in the United States of America was infected by the virus and forced to pay up and thousands of computers had been encrypted worldwide.

There was little police could do for New Zealanders whose computers became infected, he said.

 "Because the offences are committed from outside of New Zealand it is very difficult for New Zealand Police to investigate and arrange for prosecution of offenders, should they be identified."

Mr McIntyre warned against opening any email from an unknown source.

It is not known who is behind the Cryptolocker ransomware or where they are based.

For now Cryptolocker is only attacking Windows computers.

 - © Fairfax NZ News

Comments