Crypto Virus Information

A new virus is circling the globe that Encrypts your data and then ransom's your machine for money to get your files back!  Most of these are spreading through emails that say you have a package that was not delivered or an invoice is attached in a form of a zip file and when you download it and open it, your machine gets infected and it encrypts all of your data.

    Their is NO WAY to de-crypt your data if you get encrypted!  Unless you have a full backup your data might be lost forever!  I have even seen that this virus also encrypts your backup device that is attached to your computer (USB drive) so that backup is also useless.  It also looks for mapped drives and encrypts them also.  Which can include data on your server or shared machines.

    So what can I do to help prevent this.  Know what file types your files are before you open something that is sent to you.  Below is a long list of files that can be safe or NOT safe.  If you have trouble with this information and can't figure it out please contact me and I can help you with this.

A file extension is the part after the file name.     Example:   readme.pdf     Most people know about a PDF document  If a document is called readme.pdf  you can see the extension is a .pdf.    Your computer might be set to hide extensions but if you right click a file and go to properties it should show the extension.  (you can also turn on extensions in the control panel under Folder Options | View | remove the check from Hide extensions for known file types)

Also be aware virus will mask them selves by hiding the extension in a double extension    Example: readme.pdf.exe

This is usually how they get you!

 

Updated Info


IF YOU ARE NOT SURE IF AN ATTACHMENT IS SAFE, SAVE A COPY TO YOUR DESKTOP BUT DO NOT RUN IT.  THEN UPLOAD IT TO THIS SITE TO SCAN IT TO SEE IF IT IS A VIRUS.  NOTE IT CAN TAKE UP TO 3 DAYS FOR VIRUS SOFTWARE COMPANY'S TO CATCH UP WITH A VIRUS.

WWW.VIRUSTOTAL.COM


TO READ MORE ABOUT THE CRYPTO VIRUS YOU CAN GO HERE

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information


THIS GUY HAS A PROGRAM THAT IS SUPPOSE TO HELP PREVENT THIS VIRUS, BUT I HAVE NOT TESTED IT AS OF YET AND I'M SURE THE VIRUS PEOPLE WILL FIND A WAY AROUND IT

TO DOWNLOAD A TOOL TO POSSIBLY PREVENT THIS GO HERE

GOTO THE BOTTOM OF PAGE FOR LINK:  http://www.foolishit.com/vb6-projects/cryptoprevent/


P.S. I know of one customer that pd the ransom ($300) and did get their files back.  I have also heard that our government is shutting down the servers that collect the ransom and if  your ransom server has been shut down their will be no way to decrypt your files. 
BACKUP, BACKUP, BACKUP..... and don't keep the backup device attached!


Extension And Their Definitions

These Extensions are safe
.gif .jpg .jpeg .mpg .mpeg .mp3.pdf .tiff .tif .txt .wav

These Extension are some what safe. Some of the office Files can have Scripts that can cause a macro virus that is attached to also get run. Use Caution when opening them.
.odt .odp .ods. .docx .xlsx .pptx

Office Macros
.DOC, .XLS, .PPT – Microsoft Word, Excel, and PowerPoint documents. These can contain malicious macro code.

.DOCM, .DOTM, .XLSM, .XLTM, .XLAM, .PPTM, .POTM, .PPAM, .PPSM, .SLDM – New file extensions introduced in Office 2007. The M at the end of the file extension indicates that the document contains Macros. For example, a .DOCX file contains no macros, while a .DOCM file can contain macros.


A zip file can be used to deliver a virus or Crypto program to you and contains other files.
You should not open a zip file unless you absolutely know it is from someone you know and you were expecting it. Other than that you should not open it. Call me if you are not sure 1st.
 

DO NOT OPEN A FILE WITH THESE EXTENSIONS UNLESS YOU ARE TRYING TO INSTALL SOMETHING, AND YOU WERE TOLD TO OPEN IT.

THE MOST DANGEROUS FILE TYPES ARE:
.exe .com .pif .bat .scr

PROGRAMS:
.EXE – An executable program file. Most of the applications running on Windows are .exe files.

.PIF – A program information file for MS-DOS programs. While .PIF files aren’t supposed to contain executable code, Windows will treat .PIFs the same as .EXE files if they contain executable code.

.APPLICATION – An application installer deployed with Microsoft’s ClickOnce technology.

.GADGET – A gadget file for the Windows desktop gadget technology introduced in Windows Vista.

.MSI – A Microsoft installer file. These install other applications on your computer, although applications can also be installed by .exe files.

.MSP – A Windows installer patch file. Used to patch applications deployed with .MSI files.

.COM – The original type of program used by MS-DOS.

.SCR – A Windows screen saver. Windows screen savers can contain executable code.

.HTA – An HTML application. Unlike HTML applications run in browsers, .HTA files are run as trusted applications without sandboxing.

.CPL – A Control Panel file. All of the utilities found in the Windows Control Panel are .CPL files.

.MSC – A Microsoft Management Console file. Applications such as the group policy editor and disk management tool are .MSC files.

.JAR – .JAR files contain executable Java code. If you have the Java runtime installed, .JAR files will be run as programs.


SCRIPTS
.BAT – A batch file. Contains a list of commands that will be run on your computer if you open it. Originally used by MS-DOS.

.CMD – A batch file. Similar to .BAT, but this file extension was introduced in Windows NT.

.VB, .VBS – A VBScript file. Will execute its included VBScript code if you run it.

.VBE – An encrypted VBScript file. Similar to a VBScript file, but it’s not easy to tell what the file will actually do if you run it.

.JS – A JavaScript file. .JS files are normally used by webpages and are safe if run in Web browsers. However, Windows will run .JS files outside the browser with no sandboxing.

.JSE – An encrypted JavaScript file.

.WS, .WSF – A Windows Script file.

.WSC, .WSH – Windows Script Component and Windows Script Host control files. Used along with with Windows Script files.

.PS1, .PS1XML, .PS2, .PS2XML, .PSC1, .PSC2 – A Windows PowerShell script. Runs PowerShell commands in the order specified in the file.

.MSH, .MSH1, .MSH2, .MSHXML, .MSH1XML, .MSH2XML – A Monad script file. Monad was later renamed PowerShell.

SHORTCUTS
.SCF – A Windows Explorer command file. Could pass potentially dangerous commands to Windows Explorer.

.LNK – A link to a program on your computer. A link file could potentially contain command-line attributes that do dangerous things, such as deleting files without asking.

.INF – A text file used by AutoRun. If run, this file could potentially launch dangerous applications it came with or pass dangerous options to programs included with Windows.

Other
.REG – A Windows registry file. .REG files contain a list of registry entries that will be added or removed if you run them. A malicious .REG file could remove important information from your registry, replace it with junk data, or add malicious data.


If you can't find an extension try here http://filext.com/