Jun 05 2014
CryptoLocker Ransomware – If you see this on your computer screen you are in trouble.

Of all the computer viruses I’ve seen in nearly 20 years of helping people with their computers, none is nastier than what is known as “ransomware”. There have been several variations, starting with a virus called CryptoLocker. Later versions were called CryptoDefense and CryptoWall, just to name a couple. They use a powerful kind of encryption to render all of your personal files impossible to open without the encryption key. They ransom that key to the owner for as much as $1,000 US, but that could go up at any time. To increase the urgency of paying the ransom, they warn you that if you don’t pay within a day or two, the “fee” doubles in cost. If you miss the last deadline, they say they destroy the encryption key.

Unlike other viruses, removing the virus does not restore access to your files. Unless you have the files backed up to an external source – either a drive not connected to your computer since getting the virus, or online backup (in “The Cloud”), your files are gone. Of course you could pay the ransom, but there is no guarantee that you will get the encryption key in exchange, since you are dealing with crooks. Many people have reported paying the money and not getting the encryption key, or it not working. Obviously, the crooks are not big on technical support.

Besides having a good, up-to-date antivirus program on your PC, the best defense against threats such as ransomware is to have a reliable, automatic and frequent backup program running, preferably one that keeps prior versions of changing files. We have discussed automatic online backup services in an earlier post. There is no substitute for good, frequent backups. In the case of ransomware, it’s not only the best defense, it’s often the only defense. If you back up to an external hard drive that is connected to the computer after you get the virus, your backed-up files will also be inaccessible.
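Why “keeps prior versions” matters, shown as a small added example (not from the original post and not how any particular backup product works): a backup that overwrites its single copy would replace your good file with the scrambled one, while this one saves each change as a new numbered version. The function names and the store layout are made up for illustration, and the store folder is assumed to sit outside the folder being backed up.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file's contents."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def backup(source: Path, store: Path) -> list[Path]:
    """Copy new or changed files from source into store, never overwriting.

    Each source file gets a folder in the store holding numbered versions.
    Returns the version files written by this run.
    """
    written = []
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        versions_dir = store / src.relative_to(source)
        versions_dir.mkdir(parents=True, exist_ok=True)
        existing = sorted(versions_dir.iterdir())
        digest = file_digest(src)
        if existing and existing[-1].name.endswith(digest):
            continue  # unchanged since the last backup run
        dest = versions_dir / f"{len(existing):06d}_{digest}"
        shutil.copy2(src, dest)
        written.append(dest)
    return written


def restore(store: Path, relative_name: str, target: Path, version: int = -1) -> None:
    """Copy one saved version (default: the newest) back to target."""
    saved = sorted((store / relative_name).iterdir())
    shutil.copy2(saved[version], target)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        docs, store = Path(tmp, "docs"), Path(tmp, "store")
        docs.mkdir()
        letter = docs / "letter.txt"
        letter.write_text("Dear Aunt May")         # constructed sample file
        backup(docs, store)
        letter.write_bytes(b"\x8f\x02 scrambled")  # stands in for an encrypted file
        backup(docs, store)                        # the scrambled copy is backed up too
        restore(store, "letter.txt", letter, version=0)
        print(letter.read_text())                  # the original text is back
```

The second backup run stores the scrambled file as version 1 but leaves version 0 untouched, which is what makes the restore possible.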

Once the virus is removed, if you are lucky you may be able to recover some or even all of your files, provided your operating system is Windows Vista, 7 or higher. Removing the virus is a fairly advanced technical feat, but one which is outlined in a video on YouTube.com. If you have Windows Vista or later you may be able to recover an earlier version of the file through a Windows background feature called Shadow Copy, although later variants of the virus may delete the Shadow Copy backups, as well as System Restore points. Again, the best defense against this type of virus is to have good and frequent backups. If your backup drive is connected to the computer at the time of your infection, all the files on the backup drive may be encrypted as well. That’s why online backup in addition to local backup is so important.

Besides having a good and up to date antivirus program on your PC, I recommend using “second opinion” antivirus software such as SurfRight’s Hitman Pro. This does not conflict with your main antivirus software, and it may catch infections that the primary program misses.

The image below is a screen shot of the CryptoWall ransomware instructions for paying the perpetrators through Bitcoin. Paying it is not a good idea.

The CryptoWall ransomware page.

Apr 02 2014

With Microsoft no longer releasing security updates and patches for Windows XP as of April 8, 2014, a lot of clients and friends have been asking me for my advice. They have two questions: 1) “Is it still safe to use Windows XP?” and 2) “Should I upgrade Windows XP to Windows 7 or 8?”. So partly to save time and partly because this blog is supposed to be a font of useful computer information, here is my advice:

1) Is it still safe to use Windows XP?:

Since Windows 7 came out, it has never been as safe to use XP as it has been to use Windows 7 or later. Research shows that XP has fewer security measures built into it than 7 and 8. As of April 8th it becomes even less secure. Until then, as soon as possible after a security hole was discovered in XP, Microsoft’s engineers would release a Windows Update patch that would plug the hole. That has been going on since the system was first introduced in 2001. Yes, it’s about 13 years old, which in computer technology time is several lifetimes. But come April 8th, no further updates will be released, according to Microsoft. So if some hack gets revealed on April 9th, any computer running Windows XP that is connected to the Internet will be vulnerable to it. Does that mean you’ll get hacked immediately? Probably not, but who wants to be the bait?

2) Should I upgrade my computer to Windows 7 or 8?:

Bottom Line: I recommend getting a new computer.

Here’s why:

There is no direct upgrade path from XP to 7 or 8. That means you cannot do the usual kind of “in-place install” upgrade where all your programs, documents and settings are still there when you finish. Instead they MAY get deleted when you upgrade, or moved to a folder called Windows.old (see below). That means you have to first back up everything to an external drive (though you can use Windows Easy Transfer Wizard for that, it still may take up to an hour or more), do the upgrade install, then restore your documents and settings and (this is the real time eater) REINSTALL ALL YOUR APPLICATIONS. For that you’ll need the original installer disks or installer files downloaded from online, along with the product Activation Keys or Serial Numbers to be able to use the programs for more than a brief trial period. With all that and running all the Windows Updates it could easily be a three or four hour job, if not more. In the end you’ll still have old hardware running a more recent operating system, inevitably slower than new hardware would. All those things considered, I recommend buying a new computer.

As long as your old computer still works, you could install Windows 7 or 8 on it and use it as a backup machine, in case your newer computer has to go out for repairs, or if you have a guest or kids that you don’t want touching your main computer. You’ll just have to buy Windows 7 or 8 and run the upgrade, which will delete your personal data*. Incidentally, that’s not a secure deletion, so this path wouldn’t make security sense if you were going to give the machine away or sell it. In that case you should do a secure wipe of the computer first, using software you boot from an external disk that will write over the data on your hard drive with random zeroes and ones. Then you can install Windows and not worry about who might wind up with the computer someday.

*If you run the Windows 7 installer as a program while you are in Windows XP, and do not choose to format the C: drive partition, your old files and settings will be moved to a folder called Windows.old. After a couple of weeks if you are sure that you have recovered everything you need from your old Windows XP installation, you can delete this folder. Microsoft recommends deleting using the Disk Cleanup utility:

Post-install clean-up (optional)
WARNING–Before you use Disk Cleanup, make sure that all of your files and settings moved correctly to Windows 7 where you expected them to be. Deleting the Windows.old folder can’t be undone.
1. Click the Start button, and in the search box, type Disk Cleanup. In the list of results, click Disk Cleanup.
If you’re prompted to choose a drive, choose the drive you just installed Windows 7 on, and then click OK.
2. Click Clean up system files. If you’re prompted for an administrator password or confirmation, type the password or provide confirmation.
If you’re prompted again to choose a drive, choose the drive you just installed Windows 7 on, and then click OK.
3. Select Previous Windows installation(s) and any other categories of files you want to delete.
4. Click OK, and then click Delete Files.
© 2009 Microsoft Corporation. All rights reserved.