Bilpin computer repairman John Keeble has found the Cryptolocker virus is alive and well, a year after it hit the headlines in Australia for locking up computers permanently.
He has had another two clients in his area hit by it this month. It arrives by email, in this case saying it was from Australia Post, while in the past it has come in under the guise of being from AGL.
Last year’s attacks were often under the guise of a Windows 10 update. The ACCC advises the perpetrators are getting more and more sophisticated in their emulation of well-known utilities and companies.
When opened, the emailed virus locks up everything on the computer. A ‘ransom note’ says you must pay to get it unlocked. It’s not clear whether any files have actually been unlocked after the money is paid.
Mr Keeble was angry these emails were still catching people. He sent us a copy of the ‘ransom note’ email.
“Maybe you can print it to scare the hell out of people and get them to be more careful of what they click on, and also to have a backup,” he said.
He said one of his clients had had the foresight to make a backup of the contents of their computer – but unfortunately the USB stick was still in the side of the computer when the virus struck.
“Guess what, it was encrypted as well,” Mr Keeble said. “Once this happens to you then the computer has to be re-formatted and all the system and programs re-installed – a $150 minimum job.
“This morning I have just had an email from another Bilpin resident who just got the same email. She deleted it, so no harm done.”
Last year the ACCC said around $400,000 had been paid to perpetrators by desperate Australian computer owners.
The ransom email
!!! WE HAVE ENCRYPTED YOUR FILES WITH Crypt0L0cker !!!
Your important files (including those on the network disks, USB, etc): photos, videos, documents, etc. were encrypted with our Crypt0L0cker. The only way to get your files back is to pay us. Otherwise, your files will be lost.
You have to pay us if you want to recover your files.
In order to restore the files open our website (deleted by Gazette) and follow the instructions.