Tuesday, 7 October 2014

Emotional Intelligence and the CryptoLocker virus




There I was sitting at my computer one day after flying back to Sydney from Istanbul (a 22 hour journey) looking at my 300 or so emails (I deleted over 1000 during the month I was away) when I saw a new email from Australia Post asking me to open an attachment containing information about a missed parcel delivery.  I was expecting a delivery of wine.  Also my mind was suffering from jet lag and what the Buddhists call “monkey mind” — and we think of one thing and then another like the random movements of a pinball in one of those old fashioned machines.

After checking to see if Australia Post does send emails (they do), and despite a lifetime of warning people never to open attachments, I clicked on the attachment. Up it came, a notice that my computer files had been encrypted. I had been done in by the latest scam, the CryptoLocker ransomware.

For those unfamiliar with CryptoLocker, when the malware is activated it encrypts your document files using RSA public-key cryptography, with the private key stored only on the malware's control servers. The malware then displays a message which offers to decrypt the data if a payment of 1.26 Bitcoins is made within 72 hours. If the payment is not made, the price doubles. Although CryptoLocker itself is readily removed, your files remain encrypted. So after chastising myself for being so stupid, the first thing I did was check my backup, and I then discovered my last backup was some five months ago. Again this is stupid, but my excuse was that I had been travelling for two of the five months and I had not done a backup in the interval. I could do a restore, but I had done a lot of work over the financial year end on my accounts which I wanted to recover, so I decided to pay the ransom, which was approximately A$650.

Payment of 1.26 Bitcoins is surprisingly easy, but it could be intimidating to the computer novice. Setting up a Bitcoin wallet takes about five minutes. Then you have to buy some Bitcoins, which is not that hard. You set up a transaction and then go to a bank to transfer the money, which you have to do in 60 minutes. The transaction is completed within 2-3 hours. The problem is that when you do the transaction .00001 Bitcoins is deducted as a fee, so you no longer have 1.26 Bitcoins in your wallet but 1.2599, which is not enough to pay the ransom. So I had to go through the process again, this time putting in the $50 minimum. All the time I was saying to myself: keep calm, you will fix this.

Anyway, I then paid the ransom. A message came back saying thank you and that it could take about 4 hours to de-encrypt the files. In fact it took around 30 minutes. I then did a restore and overwrote most of the files with the backup.

The de-encryption did not work perfectly. Certain folders were missed. Also, when I loaded my spreadsheets and Word documents an error message came up saying part of the file was unreadable, but I just told the program to ignore it. When I saved and reloaded the document no error message reappeared. I also ran a clean-up program on the registry and, using Regedit, removed some suspicious-looking files.

Then I rescanned my computer to check if any viruses were on the system.

It took me about two days to recover. Lessons learned:


1. Keep calm and you will get there in the end. (Step 2 of EQ)

2. Never ever open up attachments, even from trusted friends. Mine was a pseudo PDF file. My virus software said it was not a PDF but an executable program, but I was in a muddled state and clicked OK.

3. Do backups at least once a month (weekly is better) and the day before you are going overseas on a trip.

 
I now have a wallet containing 0.09729 Bitcoins. If anyone goes through the same heartache as me and is short by .001 of a Bitcoin, send me an email with your Bitcoin wallet identifier and I will send it to you. All I ask is that you first download one of my free Emotional Intelligence whitepapers.

