Cryptowall / Cryptolocker Attack FAQ


There is a dangerous virus/ransomware that is hitting many individual users and small businesses. This virus usually comes in through email. It requires users to click on attachments that look like .pdf files from shipping companies such as UPS, FedEx, etc., or from banks and other financial institutions. Once a user clicks the file, it installs and begins encrypting your important documents. Once a file is encrypted, it can no longer be read without the decryption key, for which the hackers want to charge hundreds or even thousands of dollars.

This malware scans local drives, network drives and shares, and will ENCRYPT files matching a set of extensions for common business applications. This includes office applications (Excel, Word, WordPerfect) and databases like Access and FoxPro.

Therefore your line-of-business applications could be directly or indirectly affected. For certain applications the damage is fatal to the indexes. The software ceases to function and no recovery short of a file restore is possible.

Corrective actions involve: (1) Removal of the malware from all infected computers, and (2) restoration from a prior backup of all the files that were encrypted.
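To scope step (2), one way to list which files on a share need restoring is to check that each file still begins with the header its extension implies. This is an added example, not part of the original FAQ; the extension table, function names and sample files are assumptions constructed for illustration, and FoxPro tables are left out of the table.

```python
import os

OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Office container
ZIP = b"PK\x03\x04"                          # Office Open XML container

# Extension -> (offset, magic) pairs; an intact file matches at least one.
SIGNATURES = {
    ".pdf": [(0, b"%PDF")],
    ".doc": [(0, OLE2)], ".xls": [(0, OLE2)],
    # Password-protected .docx/.xlsx are stored as OLE2, so accept both.
    ".docx": [(0, ZIP), (0, OLE2)], ".xlsx": [(0, ZIP), (0, OLE2)],
    ".wpd": [(0, b"\xffWPC")],               # WordPerfect
    ".mdb": [(4, b"Standard Jet DB")],       # Access
    ".accdb": [(4, b"Standard ACE DB")],
}

def header_ok(path):
    """True/False for a known extension, None when the type is not checked."""
    sigs = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if sigs is None:
        return None
    try:
        with open(path, "rb") as fh:
            head = fh.read(32)
    except OSError:
        return False                         # unreadable: flag for review
    return any(head[off:off + len(magic)] == magic for off, magic in sigs)

def find_restore_candidates(root):
    """Relative paths under root whose header no longer fits the extension."""
    flagged = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if header_ok(full) is False:
                flagged.append(os.path.relpath(full, root))
    return sorted(flagged)

def build_sample_tree(root):
    """Constructed sample share with intact and overwritten files."""
    scrambled = bytes(range(0x80, 0xA0))     # constructed stand-in for ciphertext
    files = {
        "report.pdf": b"%PDF-1.4\n", "invoice.pdf": scrambled,
        "notes.txt": b"plain text, type not checked",
        os.path.join("Accounting", "budget.xlsx"): ZIP + b"\x14\x00",
        os.path.join("Accounting", "protected.docx"): OLE2 + b"\x00" * 8,
        os.path.join("Accounting", "ledger.xlsx"): scrambled,
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
```

Run `find_restore_candidates` against a share only after the malware has been removed, and compare the resulting list with the backup catalogue to pick the restore set.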

It is also worth noting that in some cases, this malware is sophisticated enough to understand and bypass current anti-virus and anti-malware software. So even if the user is using strong protection, that will not be enough.

Important take-away items...

BACKUP, BACKUP and BACKUP! And make sure you are saving important files on the network and not on your desktop. If your machine has been infected, the only way to recover a file, short of paying the ransom for the decryption key, is to restore it from an earlier backup taken before it was infected / encrypted. So it is important that your backups are running every night. If you need assistance or have any questions regarding your backups or how to save to the network drives, or you suspect there might be something suspicious on your computer, please contact us - we can assist you.

NEVER open any emails or attachments from unknown senders, or mail that you are not expecting and/or that seems out of place (e.g. banking emails to employees in shipping/receiving, or shipping emails to the bookkeeping department). If you see something suspicious, DO NOT OPEN IT! Please contact us by phone at 858-654-4080 or by email and we can assist you.