Opening an email from Australia Post has had 3 clients in 3 days lose ALL their data to the CRYPTOLOCKER virus
* WARNING * CRYPTOLOCKER Virus in Australia Post Emails
Update: 5th Feb 2016
Today we have heard of three more cases of people and businesses in the Perth area being targeted and having their computers, servers and any attached backup drives completely encrypted with:
“The CRYPTOLOCKER Computer Virus is impossible to break or decode without the original encryption key. This type of virus is known as Ransomware and unless you have recent backups that have not been affected by the virus, you will need to PAY THE RANSOM, if you wish to recover those files“
Each computer became infected after opening an EMAIL from AUSTRALIA POST (or AUSPOST), with a subject line such as:
Subject: An agent was unable to redeem the parcel to your place for the reason: receiver was absent
There have been many different subject lines but they commonly want you to click on an attachment or a link such as “Down Load Shipping Label”
More info here: http://auspost.com.au/about-us/scam-email-warning.html
CryptoLocker is a ransomware trojan which targets computers running Microsoft Windows. There is a demand for money which if not paid escalates each day.
The only surefire way of removing the virus is to reinstall windows back to factory settings and then restore your data from your last backup, so please make sure your data is backed up TODAY, onsite AND offsite. If you believe you have seen such an email or encountered this virus recently, please give us a call on 08 6365 5603 and we can help you remove this or any other computer virus or malware.
Please be vigilant.
How do you know if you have contracted the CryptoLocker Virus?
Messages such as these will start appearing on your computer screen
You will also find that you will be unable to open document and picture files and the files now have an extension of .encrypted as per this example:
We know nobody likes to pay a ransom but in some cases it may be the cheapest alternative to resolving the situation.
If you are in the situation where you either have no backup of your files or the backup has also been corrupted and it will cost you more than the cost of the ransom to re-create that data, it maybe worth paying the ransom and hoping the crooks decrypt your files as they promise to do.
Before doing so just check if there are earlier “versions” of your files by following these guides
http://windows.microsoft.com/en-au/windows/previous-versions-files-faq ….. for Windows 7
http://windows.microsoft.com/en-AU/windows-8/how-use-file-history …. for Windows 8
If you use Dropbox or Google Drive for storing documents and pictures you can also go back to previous versions that may not be encryted, using the following
https://support.google.com/drive/answer/2409045?hl=en ….. Google Drive
https://www.dropbox.com/help/11 ….. Dropbox
In an example of the latest attack a ransom of AUD $ 640 (1.298976 BTC) increasing to AUD $1,280 in 120 hours has been demanded.
Although our client was reluctantly willing to pay the ransom, as the payment was required in Bitcoin (BTC) it makes it a very difficult and involved process if you know nothing about the digital currency Bitcoin (BTC)
In order to purchase Bitcoin (BTC) it is necessary to firstly purchase them from an Bitcoin Exchanger or a Bitcoin Marketplace.
Credit card or Debit card payments are not accepted when purchasing BitCoin’s
After trying multiple ways of purchasing Bitcoin (BTC) with many site links not working, we finally came across a site called “Coin Jar” (http://www.coinjar.com) and after a long drawn process of registration and proof of identity (including submitting proof of identification with copies of driving licence, passports and utility bills) we were finally given a BPAY Biller code and BPAY reference number in order to transfer money into the Coin Jar account which can then be used to purchase Bitcoins once the BPAY payment has cleared (2-3 business days) and once in the account she can use those AUD $ to purchase 1.298976 BTC which can then be transferred to the anonymous seller of the encryption key.
Once the bitcoins have been transferred and you “Verify Payment” by clicking on the link provided, you will see a similar screen to this, confirming the payment.
Clicking on Decryption_Software.exe link, downloads the executable file that will give you access back to your files and remove the “.encrypted” extension
When downloaded, run the executable file and click on the “Start Decryption” button
Decryption should commence, and when complete, you will be prompted to restart your computer.
Our experience to date is that the decryption software will only run and decrypt a certain number of files (we have no idea what the limit is) Therefore you may find that only a percentage of the files are decrypted. With one client non of the files on their encrypted external Hard Disk drive were decrypted.
The murky world of the online scammer.
If you do not want to fall victim to online scammers and ransom-ware pirates, make sure all your data is backed up daily in two locations, one online and the other on a local drive. See articles below. We also suggest moving your emails to Microsoft Hosted Exchange to add another level of security and to stop junk and viruses making their may through to your email client.
Need more help?
Covid-19 Update: Business as usual for workshop repairs, remote support and onsite support.
If you live in Western Australia, and you need any kind of computer help, please bring your computer to us at 315 Rokeby Road, Subiaco, Western Australia or call us out. You can email us at firstname.lastname@example.org or call:
For instant remote control sessions, follow the instructions found on this page