ALERT: About the CryptorBit Infection

January 23rd, 2014

A few months ago, we sent out an email warning about the notorious CryptoLocker infection, which can encrypt the data on your computer so that it becomes unusable and then hold it for ransom.  Unfortunately, a new infection called CryptorBit has surfaced that does exactly the same thing.  Whether it's made by the same group as CryptoLocker or is a copycat is uncertain, but the infection and end results are nearly identical in every way.

What it is:

CryptorBit, like CryptoLocker before it, is an infection that can activate when a user clicks on a link in a spam message or malicious email, clicks on a malicious link while browsing the web, or opens an attachment in an email from a malicious source.  Emails may appear to be sent from people you know, but it's important to read carefully - if it doesn't look right, it probably isn't.

Once inside your computer, CryptorBit takes your files and encrypts them so that you can't read them.  Then it holds your files hostage for a ransom of $500 or more - if you don't pay, the files remain unusable and are essentially destroyed.  This applies not only to files on your computer, but also to files on any shared drives.  These are some examples of affected file types:

- Word files
- Excel files
- Pictures
- Music
- Movies
- QuickBooks files
- PDFs
- All other data

Antivirus programs and other security policies and procedures, even when in place, will not prevent a CryptorBit infection. Everyone should be especially careful with emails and web browsing.

If you think you have the CryptorBit infection:

  1. DO NOT CLICK ON IT!  Clicking on an infection alert is often the method by which the infection tricks you into activating it.
  2. SHUT DOWN YOUR COMPUTER - in order to prevent further damage to your files, shut down your computer right away.  If you don't see your start menu because it is hidden by the infection, hold down the power button on your computer until it shuts off.  Unplugging your Ethernet cable is a good thing to do as well.
  3. CALL US RIGHT AWAY - do not attempt to continue working on your computer - the longer you wait, the easier it is for infections to embed themselves.

The best protection against these infections is a good backup.  We strongly advise that people keep their important files on their servers, and not their desktops or local folders.  The reason for this is that files on the server are typically backed up, and files on the local computer are generally not.  If your files are encrypted, we can restore them from a backup with relative ease.

HOWEVER - if your files are not backed up, they cannot be recovered without paying the ransom, which is a long, involved, and expensive process.  In either case, PLEASE DO NOT ATTEMPT TO TAKE ANY ACTION ON YOUR OWN!

Please give us a call or send an email if you have any questions, and PLEASE GET IN TOUCH RIGHT AWAY if you think you have infections of any kind.  Please be vigilant!