All computer users, from home users to professional information security officers, should back
up the critical data they have on their desktops, laptops, servers, and even mobile devices to
protect it from loss or corruption. Saving just one backup file may not be enough to safeguard
your information. To increase your chances of recovering lost or corrupted data, follow the 3-2-1 rule:
3 – Keep 3 copies of any important file: 1 primary and 2 backups.
2 – Keep the files on 2 different media types to protect against different types of hazards.
1 – Store 1 copy offsite (e.g., outside your home or business facility).
What to use: hard disk, USB thumb drive, CD, DVD, floppy, solid state drive, the cloud? The answer depends on your particular situation and needs. If you need assistance, Computer Guy Consulting can help you or your business figure it out. Don’t wait for disaster to strike. Backing up is way easier than emergency data recovery!
What is CryptoWall?
CryptoWall is a file-encrypting ransomware program that was released around the end of April 2014 and targets all versions of Windows, including Windows XP, Windows Vista, Windows 7, and Windows 8. The media commonly confuses CryptoWall with the CryptoLocker infection, when it is much more similar to the CryptoDefense ransomware. The most apparent similarity is that CryptoWall’s Decryption Service is almost identical to the one for CryptoDefense. In October 2014, the malware developers released a new version of CryptoWall called CryptoWall 2.0. This new version included some additional changes that are described in the next section.
CryptoWall is spread via drive-by downloads or attachments in phony emails.
When you are first infected with CryptoWall, it scans your computer for data files and encrypts them using RSA encryption so they can no longer be opened. Once the infection has encrypted the files on your computer drives, it opens a Notepad window that contains instructions on how to access the CryptoWall Decryption Service, where you can pay a ransom to purchase a decryption program. The ransom cost starts at $500 USD and after 7 days goes up to $1,000. This ransom must be paid in Bitcoins and sent to a Bitcoin address that changes per infected user.
CryptoWall is really problematic because all the data on your computer, as well as on your office server, can become unavailable to every user in the office. Your two remedies are to pay the ransom or to restore data from backups.
In real-world experience I have restored data via backup. It is generally possible to decrypt the data with the key if you pay the ransom. In either case it is a lot of effort to recover from the infection because you then have to make sure all the affected PCs and server are cleaned up properly.
An ounce of prevention is worth a pound of cure. Having your PCs set up to avoid CryptoWall is possible. Having your data backed up is for sure the best approach. If you need help with your office technology needs, feel free to call Computer Guy Consulting for a quick consultation on the phone.
Here at Computer Guy Consulting a lot of data recovery is done. Why? Because hard disks, flash drives, and SD cards sometimes fail. Sometimes people cause their own problems by accidentally deleting important files. Malware and ransomware can also delete your data or render it unusable.
Make sure that you have at least 3 copies of important files. The first copy should be in your documents folder. The second copy should be on a USB drive that isn’t always connected to your PC. Keep a third copy off premises by using a cloud-based backup product like Mozy or Carbonite. It’s difficult to lose all three copies of your data using this method.
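An added example (not from the original article): one way to check that the three copies described here, and the 3-2-1 rule at the top of the page, actually hold for a given file. The file name, media labels and temporary directories are constructed for the demo; real paths would point at your documents folder, USB drive and cloud sync folder.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256(path):
    """Hash a file in chunks; return None if the copy is missing or unreadable."""
    try:
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        return h.hexdigest()
    except OSError:
        return None

def check_321(copies):
    """copies: dicts with 'path', 'media', 'offsite'; the first entry is the primary.
    Returns a list of problems; an empty list means the 3-2-1 rule is met."""
    reference = sha256(copies[0]["path"])
    if reference is None:
        return ["primary copy is unreadable"]
    good = [c for c in copies if sha256(c["path"]) == reference]
    problems = [f"{c['path']}: missing or differs from primary"
                for c in copies if c not in good]
    if len(good) < 3:
        problems.append(f"only {len(good)} verified copies, need 3")
    if len({c["media"] for c in good}) < 2:
        problems.append("verified copies are all on one media type")
    if not any(c["offsite"] for c in good):
        problems.append("no verified offsite copy")
    return problems

def demo():
    """Constructed sample: temp directories stand in for the three locations."""
    root = Path(tempfile.mkdtemp())
    copies = []
    for name, media, offsite in [("documents", "internal disk", False),
                                 ("usb", "usb drive", False),
                                 ("cloud_sync", "cloud", True)]:
        p = root / name / "ledger.xlsx"
        p.parent.mkdir()
        p.write_bytes(b"constructed sample spreadsheet contents")
        copies.append({"path": str(p), "media": media, "offsite": offsite})
    healthy = check_321(copies)
    # Simulate one backup being silently corrupted or overwritten.
    Path(copies[2]["path"]).write_bytes(b"garbage")
    return healthy, check_321(copies)

if __name__ == "__main__":
    print(demo())
```

A mismatch can also mean a backup is simply older than the primary, so treat a reported difference as a prompt to look at that copy, not as proof of damage.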
If you have a small business, this 3-2-1 backup strategy becomes even more important. You will have multiple people working on multiple important files. You will have multiple chances for things to go wrong. Having a consultant make sure that your data is secure provides a lot of peace of mind.
Computer Guy Consulting offers all things data related. If you are unsure of your home or business data status, contact the Computer Guy for a consultation. Don’t wait until it happens to you; prevention is a lot easier than disaster remediation!
How much time and energy do you have invested in your: contacts, database, photos, spreadsheets, word documents, emails, etc? For most of us a lot of effort is tied up in those files. Could you afford to lose them? Most would say no. What’s your data worth to you?
Here in the Tucson area Computer Guy Consulting does data recovery frequently. PCs crash, hard disks die, hardware is stolen, malware destroys data. Most customers have little to no backup of most data. Don’t make an excuse about why you cannot do it. Copy files once a month to an external hard disk drive. Let us set up an automatic backup system for you. Both solutions are significantly cheaper than having to pay for data recovery.
I am going to paraphrase a really good article from the Kentucky Commonwealth Office of Technology’s monthly newsletter.
Getting pop-ups telling you your PC is infected? “Click here and pay $29.99 or $39.99 and we will clean your system.” Watch out: this is a fake antivirus or antimalware scam.
How do you get this infection? You clicked on a bogus link in a webpage, or maybe you clicked on a pop-up. It all looks real and legitimate. The link or pop-up convinces you that if you click, the bogus software will disinfect and/or protect your system. Some websites can infect you just by visiting the site. Hacker and porn sites are famous for this.
The bad news is that your antivirus and antimalware usually don’t offer much protection because they are reactive. This means the newest malware isn’t detectable because the security vendor hasn’t had time to put a signature into the malware definitions.
What’s going to happen?
Hard to say. Maybe you won’t notice any issue for days or weeks. All of a sudden the computer is slow as sin and your internet connection is “talking” like crazy. You could be giving your keystrokes to a Russian gang. Your browser no longer takes you to google.com when you click on the homepage button. Maybe a trojan horse is installing some hacker’s program to take control of your system. If you operate the PC in an administrative account (as most users do!), the malware has rights to do just about anything to your system. All manner of changes to your system will now make it downright impossible to remove the rogue program(s).
What can I do for protection?
1 Patch your OS, browser, and various software to keep it updated.
2 Keep your current security software updated and active.
3 Don’t click on any pop-ups for security software.
4 Limit ActiveX and scripting in your browser preferences. Seek professional help with this from a computer repair shop or a consultant.
5 Back up. Sometimes a bad infection will require a complete reformat and reinstallation of your hard drive and OS.
6 Run your updated antivirus and antispyware at least weekly.
If you are concerned that any of your network PCs may be compromised, give us a call. We do small business IT support so you don’t have to!