New computer virus holds encrypted files hostage

by: Richard Elliot


ATLANTA, Ga. - There's a new computer virus making its way through the virtual world, and it not only locks up your files, it forces you to pay a ransom in order to get them back.

It's called CryptoLocker, and it's a kind of ransomware circulating the globe. International law enforcement isn't sure where it's coming from, but they are well aware of the impact it's having on computer users like northwest Atlanta's Chris Bailey.

Bailey's wife opened up an unassuming email attachment which downloaded the virus into her work computer. A day later, she got a popup window telling her CryptoLocker had encrypted all her computer files and unless she paid a $300 ransom, it would wipe her files clean in 72 hours. A countdown clock on the popup counted down the hours, minutes and seconds.

"It's crazy sophisticated that somebody's going through this much to cause this much grief," says Bailey. "You just want to go find those guys and bring them down."

Bailey is a computer expert himself with 25 years of experience in the industry, and even he's frustrated by how sophisticated the encryption is. He doesn't believe he can find the key in the time remaining.

The CryptoLocker popup directs you to what's called a virtual currency website, in this case one called Bitcoin, where users pay real money for virtual money. The hackers can then anonymously access that virtual money and use it online just like the real thing.

"They don't want my family photos," says Bailey. "But they know that if they can get $300 from 30,000 people, they're getting on up to their million dollars or whatever."

Lt. James Harrell investigates crimes like these for the Douglas County Sheriff's Office. He said he's seen a couple of CryptoLocker cases already, and his office put up a warning about the virus on its website.

"Once it gets into your computer, it's a nightmare, a literal nightmare to try and get it out," says Harrell. "The best way to keep this from happening to you is to prevent it from getting into your computer."

Harrell said the infected email may come disguised as a message from FedEx, UPS or some banking institution. He advises people to look very carefully at any email they may get and make sure it's legit before they open up any attachment.

"The encryption systems they're using are very sophisticated and are very difficult to break," Harrell says.

Harrell advises victims not to pay the ransom, because there are no guarantees the hackers will release the files after it's paid.

Bailey said he morally opposes paying the $300 ransom, but might just do it to avoid the hassle.

"Morally, I don't want to do it," says Bailey. "But from a practical level, it may be something we end up doing."

His CryptoLocker countdown clock ends Friday afternoon at 4:19 p.m.

Channel 2 Action News
