Recently I had a client whose MacBook Pro was apparently infected by CryptoLocker. It’s unlikely that Mac users will know about this particularly nasty virus, but Windows users will.

CryptoLocker is an example of “ransomware”: a virus which infects Windows PCs, encrypting files and effectively locking you out of your data. This beast then holds your files to ransom, offering to decrypt them if you pay a fee.

The fee is usually a small amount, around $300, and is paid over the internet by credit card.

Yes, you apparently do get your files back.

And yes, you have definitely just opened the door to credit card fraud and identity theft.

There are options for getting your files back, including using a temporary credit card to pay the ransom or using an online service like FireEye to try to decrypt the files, but these aren’t without consequence. You risk identity theft with any credit card, and FireEye is frequently unsuccessful, especially with newer versions of CryptoLocker.

But you said it’s Windows-only

That’s correct; CryptoLocker is a Windows-only threat. So what went wrong with this MacBook Pro?

Simple: Parallels.

Parallels and VMWare Fusion are virtualisation programs; they let you run Windows “virtually” inside your Mac. Often they are used to run a specific Windows app, and inevitably they are given some sort of read / write access to Mac files. This is a perfect conduit for CryptoLocker to get a handle on your Mac’s files.

So while the Mac wasn’t infected, its files were affected.
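To see which Mac files in a folder shared with the Windows guest were affected, you can compare each file's leading bytes with the signature its extension implies. The script below is an added example, not a tool mentioned in this post; it assumes encrypted files keep their original extension, and the function names and signature table are illustrative.

```python
import os
import sys

# Leading bytes ("magic numbers") that intact files of each type start with.
# Assumption: a file encrypted in place keeps its extension but loses this header.
OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Office container
ZIP = (b"PK\x03\x04", b"PK\x05\x06")        # zip-based formats, incl. empty archive
MAGIC = {
    ".pdf": (b"%PDF-",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".zip": ZIP, ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP,
    ".doc": (OLE,), ".xls": (OLE,), ".ppt": (OLE,),
}


def header_matches(path):
    """True/False for known file types, None when the extension is not in MAGIC."""
    sigs = MAGIC.get(os.path.splitext(path)[1].lower())
    if sigs is None:
        return None
    with open(path, "rb") as fh:
        return fh.read(16).startswith(sigs)


def triage(root):
    """Walk root; return sorted paths whose header does not match their extension."""
    suspect = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if header_matches(path) is False:
                    suspect.append(path)
            except OSError:
                continue  # unreadable file: skip it, keep scanning
    return sorted(suspect)


if __name__ == "__main__":
    # Usage: python3 triage.py /path/to/folder/shared/with/the/VM
    for p in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(p)
```

A flagged file is only a candidate: zero-byte or mislabelled files are reported too, so check the list against your backup before restoring.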

What to do?

Simply put, prevention is better than cure, specifically:

  • If running Windows you should always use anti-virus software, and keep it up to date
  • Back up, back up, back up – Time Machine at a minimum, and CrashPlan to be sure

If all else fails then give us a call, and we’ll try our best to help you.