People are usually not worried much about malware and viruses, because they think that their antivirus software (or an expert) can easily clean them off their computers without causing permanent damage. Perhaps this was true so far, but times are changing, and the cyber criminals are getting greedier and more sophisticated.

A new virus (ransomware) called KEYHolder is spreading like a plague recently, and causing unprecedented damage to businesses and private persons equally. The virus silently works unnoticed on your PC in the background until it completes its devilish task. It encrypts your files so that they become inaccessible, and then displays instructions demanding ransom in exchange to restore your files into usable forms. Initially the ransom is 1.5 or 2 Bitcoins, which is right now about $450-$600, but if one hesitates too long, the files may not be restored at all. There were reports claiming that even though they have paid the ransom, their files could not be restored; so we can not trust the criminals. Since at the present there is no reliable way to decrypt the files without the keys, if one decides not to pay (or can not pay), then the only other option is to delete all the files, causing permanent loss.

The common antivirus programs will not prevent the infection, and after the virus’s task is accomplished, they can do nothing to restore the encrypted files. It is almost impossible to know where the infected computers got the virus from. There is a suspicion that it spreads on the Facebook, but one may get it via other channels as well. Therefore, the only wise and workable option is to know about the new virus in advance, and take appropriate measures to prevent an irreparable damage, and/or lots of head ache and loss of money.

In order to prevent the calamity back up your valuable files to an external hard drive and keep it separate, disconnected from your computer. The files that are irreplaceable (like family photos, videos, business documents, etc.) should be best burned onto DVD or Blueray discs, so that they can not be harmed by any viruses. The back up drive should be connected to the computer only after making sure that there are no viruses on the system, and the backup can proceed safely. For improved security have 2 (or 3) backup drives, and use them alternately. This way even if one of the backup drives get infected when you connect it to your PC, you still have an older backup on the second backup drive.

If you have your valuable files always backed up, then in case of a ransomware infection you can safely reformat your hard drive and reinstall the operating system. When you want to use your old files, just copy them back to the computer. You will still have to work on the restoration of your system, but your files are safe, and you will save the ransom as well (that may increase even further if the rascals get more greedy).

If your PC gets infected, and my timely advice and your prompt action saved your files, then you should invite me for a bier ;-) Just joking…

Here is a forum topic about the most recent ransomware KEYHolder:
http://www.bleepingcomputer.com/forums/t/559463/keyholder-support-and-discussion-topic/

Morpheus