The worst virus Ducktoes has ever seen, CryptoLocker, has been stopped, at least for now, and maybe for good. We’ve had a few clients infected with it. The worst affected was a woman who lost her family photos. She didn’t want to pay the cybercriminals for decryption, so she decided to lose the photos instead. Another was a lawyer’s office, but I was able to disconnect all the computers from the network before it spread, so they lost only one user’s files. Another was a business that called in the middle of the night when I happened to be up. I told the client to shut down all her computers until I could get there early in the morning. The data loss at those two clients was minimal. Another business client had the virus and lost his files, but he had them backed up and was able to recover them.
According to the FBI wanted poster, the main suspect behind this virus and its sister malware, “Gameover Zeus”, is Evgeniy Mikhaylovich Bogachev. Bogachev is a thirty-year-old Russian man living in a Black Sea resort town, according to the Globe and Mail and other sources.
What made the virus so bad was that the files were encrypted with a key held only by the criminals, so there was no way to decrypt them: the clients had to pay for the decryption key or lose their files forever. The only clients who got their data back without paying were the ones who had a backup the virus could not reach. It also reached well beyond the infected machine: it encrypted files on every drive the infected user could write to, including mapped network shares, so one infected workstation could take out a whole office’s shared files. At businesses this can be devastating. In our computer repair lab, we had to put all infected computers in quarantine on a completely separate network.
The RCMP, in cooperation with the FBI, has shut down two servers in Montreal that were used to run Gameover Zeus and CryptoLocker. According to a Globe and Mail article, “As part of a major crackdown in a dozen countries against Russian cyber-criminals, the RCMP has shut down two computer servers in Montreal that were part of a network that extorted millions of dollars from businesses and consumers.
The operation disrupted malicious software called Gameover Zeus (GOZ), which has infected up to a million computers around the world and caused losses of more than $100-million (U.S.).”
Gameover Zeus stole online banking credentials from infected computers and used them to withdraw or transfer money to accounts the cybercriminals controlled. It also installed CryptoLocker on the infected computer, which encrypts the victim’s files: business data, personal records, photos, and videos. Some businesses lost a fortune without their files. Many clients lost all their family photos.
According to Grinler of Bleeping Computer, CryptoLocker was downloaded through infected PDFs purporting to be from FedEx, UPS, tax companies and other business-related companies.
Besides the two in Montreal, other servers were located in Ukraine and Kazakhstan.
At Ducktoes we can remove viruses like this one and restore your computer to normal in our computer repair lab. We can also help prevent infections like this in the first place with our anti-virus cocktail.