There's a new kid in Malware town and he's causing trouble. Going by the generic label of Ransomware, this class of malicious software takes control of a system and then directs the user to pay for the system to be unlocked. The intention is always to extort money from the user. In some cases a law enforcement agency message will be used claiming that the computer has been used for illegal activities. In other cases, files will be encrypted and rendered unusable unless the ransom is paid.

In Australia, the Cryptolocker virus has been impacting many businesses and individuals, including local councils in WA. The payload for this virus encrypts all Office documents on drives that are connected to the infected computer. Once this process is completed, a message will popup stating that the files have been encrypted and that a ransom is required to decrypt the files. This can obviously cause a significant impact on the businesses involved. The infections are usually caused by users opening attachments in emails that look like PDF documents but are in fact executable programs. It is also possible for websites to install the malicious code to workstations.

It is not advisable to pay any ransom, as there is no guarantee that the malware will be removed, in fact it is more likely that you will be targeted for further extortion. It is advisable to get a computing professional to assess the damage and see what can be recovered. To mitigate against the impact of ransomware, it is best to ensure you have a regular backup, preferably offsite and not connected to the network. This way it is possible to recover files that have been encrypted or rebuild systems that have become unusable. Prevention is better than cure so it pays to follow the standard precautions for safe computing: