• HOME
• ABOUT US
• OUR SERVICES
• CONTACT US
• CUSTOMER SUPPORT
• BLOG

• Home>
• Blog > Corrupt Files - Word, Excel, etc - Cryptolocker Malware/Virus

Malware that "corrupts" your Word/Excel files

23rd October 2013

We were contacted by a customer today who had found staff unable to access files from the server in the office that they had. What they reported was a situation where you couldn't open any Excel file - with the file stating it was corrupt when opened in Excel, yet other files were working fine.

This naturally made us curious since there's no obvious reason only one type of file might be affected, especially when you're looking over an entire server system with tens of thousands of files. The answer though soon became clear...

Say Hello to Cryptolocker Malware

One of the computers used by a member of staff had become infected with a particularly nasty type of malware - one that slowly encrypts many types of documents and files used commonly in a business. When we talk about encryption we mean essentially scrambling a file's contents in such a way that it can't be read by anyone without the encryption keys - something in this case you as the victim of the malware won't have.

Once the software has finished infecting your files, it then turns into a real menace - setting a timer firstly and then presenting you with a screen like this one below:

At this point you really will have just a few hours to pay up the ransom - or find your files are forever encrypted. We strongly recommend you do not pay the ransom - there is both no guarantee that you can then recover your files (some people report they did pay and could, but others report it doesn't work) - certainly if it does work, it can take a long time - apparently 5GB of recovery an hour is not unheard of so if you have a lot of content you could be waiting a long time!

How did the customer get infected?

In this case, the customer had previously received an e-mail - looking a little similar to this:

To get infected, they'd opened the attachment, and then opened the file within it - because in this case the initial attachment was a compressed ZIP file - but inside was an exe file - commonly known as an executable (or a program you can run). With that, the damage is done - it doesn't immediately pop up anything or show you there's a problem, but in the background it installs a bit of software, starts encrypting your files and once done lets you know you've been infected.

30 seconds of clicking has resulted in considerable disruption to the business, many hours of work to fix issues and a considerable cost to the company.

Should you pay the ransom?

Absolutely not - even once your files are recovered, it leaves additional malware on your computer - designed to log keystrokes etc (essentially to gather your passwords and so on) - these can then be used against you in further attacks on your computer - or worse with your online banking. Don't under-estimate the criminal element in these increasingly sophisticated attacks.

You should instead get the infection removed from your computer - your IT Support company are best placed to help you as there are many variants of this attack, and you need to ensure you've fully removed it - from each, all and any computers where the infection exists to be on the safe side. Whilst there are tools on the internet to help you, there is also a danger you'll download a fake program to help you that just infects you further - professional assistance is always best.

Bear in mind that removing the infection will NOT recover your files - at all. You must recover them from a backup - assuming you have a suitable backup - don't forget you need to restore files from BEFORE the point of infection particularly if there's a chance your backup software has run again which would mean the latest, now encrypted files are backed up.

What can I do to avoid being a victim of this malware/virus?

If you're NOT infected with this, then you should do all of these things to reduce the risk of being infected AND to ensure you can recover if the worst does happen:

• Make sure you have good, quality Anti-Virus Software. Don't rely on "Free" versions - they're often crippled, reduced functionality versions - less frequent updates, less features and so on. Plus in many cases they're not licensed or allowed for use in commercial scenarios. We recommend products from AVG and ESET [find out more]
• Have "Internet" or "Cloud" based e-mail scanning for Viruses and Malware alongside Spam as part of your e-mail based defences. For example, we offer our Cloud Screening service for this purpose to help reduce the chance of these things even arriving with a user allowing infection.
  

• Make sure you have a proper backup. We blog about this regularly - but we mean a proper backup. That's one that isn't vulnerable to being attacked itself, one that has many versions of your files in previous states in case you need to go back and so on. Anything where your files are stored on a USB key or drive attached to your PC don't count. Have a look at this blog for more information to see 5 things that aren't backups...

• Don't ever, for any reason, open attachments when they come from someone you do not recognise - ever. Especially if it arrives out of the blue. Don't be fooled by a message "supposedly" coming from a bank or similar.

• If you're running a network and server, use restrictions and permissions to restrict what users can access - don't just allow any old unauthenticated, unrestricted access. By limiting what someone can access, you can limit the damage that can be done by any individual system being infected.
• Get professional help from your IT Support company - at VPW we help small business customers all the time to protect, defend and reduce the risk of infection.

If you need help with this or any other malware & virus infection, call our team today for assistance on 01392 950 950 (business customers) or 01392 879003 (home/domestic customers) - our Exeter based team will be happy to help you.

<< Back to the Blog

Follow us on:

© Copyright 1998-2016, VPW Systems (UK) Ltd | All Rights Reserved | Legal Information |
IT Services and Computer Support for Small Business from an Exeter, Devon Based IT Support and Services Company
From IT Support Services to Business Broadband, Server Systems and Cloud Email, Cloud Desktop and Web Hosting Services
Main Offices: 6-7 Southernhay West, Exeter, Devon, EX1 1JG

You're connecting to us as: 3.145.93.210 using IPv4