Rod at work (2/24/2016)
WOW, Eric! That's pretty bad. Up to this point we've been talking about corporate systems. Now you're mentioning a personal computer. I've heard of people being stung by ransomware, but you're the first one I've known who actually experienced it. If you don't mind saying, how did you handle it? And what AV was being used at the time?
I believe most folks like myself who have been victimized by ransomware, at least regarding CryptoLocker specifically, get it on their personal computers. It's not a targeted attack, it's just a trojan program that automatically encrypts data when it executes regardless of where it happens to be. In a way, it's a lot like a phishing scheme, the kind where a fake alert tells you your PC is infected with a virus and to call a Skype number for "tech support", except in this case the PC actually is infected and the data held for ransom, so the victim is motivated to cooperate.
In my situation, it was a bare minimum laptop I mainly used to VPN into work, so fortunately there was very little contained under my document folders. I had a local install of Visual Studio and SQL Server that I used to prototype and experiment off hours, but none of it was irreplaceable or confidential, so I wasn't motivated to get it back. What I did was simply wipe down the laptop, re-installing Windows and the bare minimum stuff I needed to work with, taking the opportunity to upgrade to Windows 8 in the process.
I did have the free version of AVG AntiVirus installed when the trojan hit and never got any alert. This was about two years ago, so maybe they have since added a scan pattern for it.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho