Recovering from a crypto-lock virus attack on a single computer can be painful and a chore, but when a virus hits your local network, fast action is required. The Crypto-locker virus and its variants are back and in the wild right now.
Most people don't open dodgy emails and run at least some virus protection. Unfortunately, the emails don't always look dodgy.
After the crypto-locker virus is installed
The computer is then locked and you cannot log in. All files are either encrypted or simply destroyed. There are a number of variants, and not all of them allow file recovery even if you do pay the ransom.
What to do if you see this on a computer on your network
- Disconnect the computer from the network immediately.
- If you have a backup disk attached to this computer or your server, disconnect it.
- On your server, revoke the permissions of the user the computer belonged to so that they can no longer write any files to the server.
Assessing the damage caused by crypto-locker or a crypto-locker variant
Locker viruses work 'best' on Windows servers. All crypto-lock variants I have seen follow mapped drives to the server and propagate across the network, destroying files and spreading the virus as they go. Your server runs Linux, and the server itself cannot be infected by these viruses.
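Because the damage follows the mapped drives onto the server, the first question after containment is which files on the share were touched. The script below is an added example, not part of the original article or the provider's tooling. It walks a share and flags three signs of locker damage: files with an appended ransomware-style extension, files that look like ransom notes, and files whose content has the near-random byte distribution of encrypted data even though their extension says they should be readable. The extension watchlist, the ransom-note name hints, the set of formats that are legitimately high-entropy, and the 7.5 bits/byte threshold are all assumptions chosen for the example, and the sample share it builds is constructed.

```python
import math
import os
import tempfile
from collections import Counter
from typing import Dict, Optional

# Assumptions for this example (not from the article): formats that are compressed
# or encrypted by design and so are legitimately high-entropy, a constructed watchlist
# of appended extensions, and name fragments typical of ransom notes.
NORMALLY_HIGH_ENTROPY = {".zip", ".gz", ".7z", ".rar", ".jpg", ".jpeg", ".png",
                         ".mp3", ".mp4", ".pdf", ".docx", ".xlsx", ".pptx", ".gpg"}
SUSPECT_EXTENSIONS = {".locked", ".encrypted", ".crypt"}          # constructed
RANSOM_NOTE_HINTS = ("decrypt", "how_to_recover", "restore_files")  # constructed
ENTROPY_THRESHOLD = 7.5   # bits per byte; encrypted data sits close to 8.0
MIN_SIZE = 256            # too little data for a meaningful entropy estimate
SAMPLE_BYTES = 64 * 1024  # only the head of large files is read


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: str) -> Optional[str]:
    """Return a short reason if the file looks like locker damage, else None."""
    name = os.path.basename(path).lower()
    _stem, ext = os.path.splitext(name)
    if ext in SUSPECT_EXTENSIONS:
        return f"suspect extension {ext}"
    if any(hint in name for hint in RANSOM_NOTE_HINTS):
        return "possible ransom note"
    if ext in NORMALLY_HIGH_ENTROPY:
        return None  # compressed formats would give false positives on entropy
    try:
        if os.path.getsize(path) < MIN_SIZE:
            return None
        with open(path, "rb") as fh:
            head = fh.read(SAMPLE_BYTES)
    except OSError:
        return None  # unreadable files are reported by the caller's totals only
    entropy = shannon_entropy(head)
    if entropy >= ENTROPY_THRESHOLD:
        return f"high entropy {entropy:.2f} bits/byte for a {ext or 'no-extension'} file"
    return None


def scan_share(root: str) -> Dict[str, object]:
    """Walk a share and return the scanned count plus a map of suspect file -> reason."""
    suspect: Dict[str, str] = {}
    scanned = 0
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            scanned += 1
            full = os.path.join(dirpath, fname)
            reason = classify_file(full)
            if reason:
                suspect[os.path.relpath(full, root)] = reason
    return {"scanned": scanned, "suspect": suspect}


def build_sample_share() -> str:
    """Constructed share for demonstration: two damaged files among healthy ones."""
    root = tempfile.mkdtemp(prefix="share_")
    text = b"the quick brown fox jumps over the lazy dog\n" * 100
    samples = {
        "notes.txt": text,                          # healthy, low entropy
        "photo.jpg": os.urandom(4096),              # high entropy but expected for JPEG
        "tiny.txt": os.urandom(16),                 # below MIN_SIZE, skipped
        "report.docx.locked": os.urandom(4096),     # appended extension
        "data.csv": os.urandom(8192),               # encrypted in place, name unchanged
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    result = scan_share(build_sample_share())
    print(f"scanned {result['scanned']} files")
    for path, reason in sorted(result["suspect"].items()):
        print(f"  {path}: {reason}")
```

Run it against the root of the affected share (read-only, from the server, with the infected workstation already off the network). The list of flagged paths tells you which folders to restore from backup, and the count of unchanged low-entropy files tells you how far the locker got before it was stopped.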
Do you need anything on this machine?
The fastest and safest thing to do is to wipe the machine and reload your operating system (Windows 7 or 10). If you had Windows XP, now is the time to upgrade, and then recover from backup.
Recovery of a system infected by crypto-locker or a variant
The recovery process is not easy, and unless you must have access to the machine to recover data, a clean install is the best way.
There is a lot of information on the Web, but all of the methods require considerable effort and expertise. This site has a good breakdown of the steps to recovery.
Your server protection
Your server works quietly in the background, appearing to do very little. This is how it is supposed to look. In reality there is a lot going on to protect your server and connected computers from harm.
Your server uses a live firewall. It blocks and unblocks threats as they appear. The firewall blocks hundreds of attacks a day on all parts of the server including email, web and VPN.
The server is protected by the absolute best gateway mail anti-virus scanner. ClamAV is an open-source system used by the vast majority of mail gateways, and it is consistently and independently rated as the top gateway antivirus solution.
Most of these viruses arrive in what looks like a PDF file that has been zipped up. Your server has strong cloud-based protection against viruses in attachments, and most are deleted or rejected before they reach your inbox. This protection is continuously updated to match attack signatures.
Thousands of SPAM messages a day are loaded with viruses.
SPAM protection is also cloud based, with real-time database updates of known spammers and highly configurable SPAM thresholds.
All files on the server are scanned daily, and viruses are removed and quarantined automatically using the same enterprise-level virus scanning as the mail system.
No system is perfect, so desktop antivirus is essential. Desktop protection scans local files on your computer that are not controlled by the server directly:
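The "PDF in a zip" delivery described above is cheap to check for at the gateway, before any signature matching runs. The code below is an added example for this article, not the provider's actual filter or part of ClamAV. It opens a zipped attachment in memory and reports members that are executables, members that hide an executable behind a document-looking double extension (`invoice.pdf.exe`), and members named as a document whose first bytes do not match that format. The extension sets and magic-byte table are assumptions chosen for the example, and the sample attachment it builds is constructed.

```python
import io
import zipfile
from typing import List

# Assumptions for this example (not from the article): extensions treated as
# executable, document extensions attackers imitate, and the header bytes
# a genuine file of that type starts with.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".jar"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
MAGIC = {".pdf": b"%PDF", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}


def member_extensions(member_name: str) -> List[str]:
    """All dotted extensions of the final path component, e.g. ['.pdf', '.exe']."""
    base = member_name.lower().rsplit("/", 1)[-1]
    return ["." + part for part in base.split(".")[1:]]


def inspect_zip_attachment(data: bytes) -> List[str]:
    """Return one finding per suspicious member of a zipped attachment."""
    findings: List[str] = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid zip archive"]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            exts = member_extensions(info.filename)
            last = exts[-1] if exts else ""
            if last in EXECUTABLE_EXTS:
                reason = f"executable member ({last})"
                if any(e in DOCUMENT_EXTS for e in exts[:-1]):
                    reason += " disguised with a document extension"
                findings.append(f"{info.filename}: {reason}")
                continue
            if last in MAGIC:
                head = archive.open(info).read(len(MAGIC[last]))
                if not head.startswith(MAGIC[last]):
                    findings.append(f"{info.filename}: content does not match a {last} header")
    return findings


def build_sample_attachment() -> bytes:
    """Constructed zip with one genuine PDF, one disguised executable, one mislabelled file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("real.pdf", b"%PDF-1.4\n% constructed sample\n")
        archive.writestr("invoice.pdf.exe", b"MZ\x90\x00" + b"\x00" * 32)
        archive.writestr("statement.pdf", b"MZ\x90\x00" + b"\x00" * 32)
        archive.writestr("readme.txt", b"plain text, nothing to see\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip_attachment(build_sample_attachment()):
        print(finding)
```

A gateway would run this over each zip attachment and reject or quarantine the message on any finding; it complements rather than replaces the signature scan, because it catches the disguise itself even when the payload inside is one the signature database has not seen yet.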
- USB sticks
- External hard drives
- POP mail accounts in Outlook not running through the mail server*
- Dropbox and web shares**
- Programs and images you chose to download
We are currently advising Bitdefender Free as the starting point.
The paid version is cloud based and has very good tools to disinfect computers remotely and securely.
Crypto-locker and all viruses are bad. It is a continuous game of catch-up. The people who write the viruses constantly come up with new ways to defeat even the best and most secure systems.
In the event a virus does get through the network protection and infects your machine please let us know as soon as possible so that it can be eradicated!
If your systems are infected, or you suspect that a virus is on the network and you can't find it, contact us.