It is an IT nightmare: Businesses hit with the CryptoLocker malware find their electronic files locked up inside strong encryption and the extortionist operating the malware botnet demanding money to give them the security key that would let companies get their data back.
What do you do to escape this crypto hell of ransomware? A few corporations here detail their experiences with the nasty malware and say in many cases back-up and restoration was their only way out.
"My shop manager was trying to open a file and his computer kept coming up with an encryption error," says Chris Albrecht, office manager at W.C. Machine & Tool, about the shock of finding out CryptoLocker had struck the metal fabrication and engineering firm he works at. "We tried other files on the network," including those in a storage server, but they, too, all appeared to be inaccessible. "It all came out of the blue."
What happened a couple of weeks ago at the Chandler, Ariz.-based W.C. Machine & Tool is that someone there opened an e-mail with CryptoLocker in the attachment. The ransomware then aggressively spread to infect Windows-based computers and encrypt files wherever it could.
W.C. Machine & Tool immediately contacted its IT services provider, Mytek Network Solutions, and an account manager there, Theo Soumilas, says it was evident that tens of thousands of files were encrypted so W.C. Machine & Tool couldn't access them. At one point, there was some kind of extortion message asking for money in exchange for the encryption key, but nobody advocated going along with that.
The decision was made that it was necessary to basically "dump" the entire encrypted file contents and re-make the network file installation through back-up and restoration. W.C. Machine & Tool does daily back-up with its cloud provider, Axcient, and the restoration was completed over several hours one weekend.
Another Axcient customer, the Washington, Pa.-based law firm of Yablonski, Costello & Leckie, had a similar unsettling encounter with the CryptoLocker ransomware over the last few weeks, too.
As far as the law firm can discern, says attorney J. Scott Leckie, it all started when another attorney for the firm was on his home computer, logged into the corporate network, and apparently opened an e-mail attachment containing CryptoLocker.
"All of a sudden his laptop went black," says Leckie. Then suddenly others at the law firm were locked out of their Windows-based computers, too. The law firm called its tech-services support firm, Ceeva, and "we said, something is wrong here, we don't know what," says Leckie.