Back, back, back it up

You’ve heard it a million times: Don’t click on links in an email unless you know who sent it and what it is.

But sometimes the link in an email is just so darned convenient. For example, you ship a package to a friend, and then you get an email with a link to track the delivery. It’s safe to click that link, right?

Maybe not.

Scammers are sending emails that look like courtesy messages from legitimate companies — especially shipping companies — to spread a new ransomware called Cryptolocker. So what’s ransomware, and why should you care?

Ransomware is a type of malware that prevents you from using your computer until you pay a certain amount of money. It’s essentially extortion, with all the data on your computer at risk unless you pay.

Cryptolocker works by encrypting all the files on your computer — your photos, your documents, your tax refunds — anything you’ve saved to the hard drive or any shared folders. Once the files are encrypted you won’t be able to open them without the encryption key — which you can get only from the criminals behind Cryptolocker.

After Cryptolocker has encrypted your files, it displays a message like this:

The criminals demand payment through an anonymous payment type like Bitcoin or Green Dot cards, and promise to give you the key if you pay the ransom in time (for example, $300 to be paid within 72 hours).

Unfortunately, once Cryptolocker has encrypted your files, there’s no way to recover them. You could pay the ransom, but there’s no guarantee you’ll get the encryption key.

So what can you do?

Back up your files. Right now. And often.

An external hard drive is a good option, but be sure to disconnect it from the computer when you are not actively backing up files. If your back-up device is connected to your computer when Cryptolocker strikes, the program will try to encrypt those files, too.

What else can you do?

The best way to avoid downloading Cryptolocker — and other kinds of malware — is to practice good computer security habits.

  • Instead of clicking on a link in an email, type the URL of the site you want directly into your browser. Then log in to your account, or navigate to the information you need.
  • Minimize “drive-by” downloads by making sure your browser’s security setting is high enough to detect unauthorized downloads. For example, use at least the "medium" setting in Internet Explorer.
  • Don’t open “double extension” files. Sometimes hackers try to make files look harmless by using .pdf or .jpeg in the file name. It might look like this: not_malware.pdf.exe. This file is NOT a PDF file. It’s an EXE file, and the double extension means it’s probably a virus.

For more tips about how to avoid, detect, and get rid of malware, watch our video:



That was a very interesting video. Can you suggest a malware protection for IMAC OSX 11.0 it's new & I have no protection for it except the Apple Lion, do you feel that is good enough protection for my IMAC, it's been running very slow the past 2 wks & sometimes I cannot close a window & have to use the: Option-Command-Escape to close the browser. Thank you for any info you can send to me:
I hope to get some positive feedback from you as soon as you possibly can...!

Hi Maggie, Macintosh's are not at risk for virusus since the OS language is different from Windows computers. To help with your "lagging" issue, there is an article on how to "stop the dreaded beach ball". I have used the steps to resolve the lag everytime it starts to happen, and it works. Just google it and it show up in your search results.

MAC's are not safe. As their market share has grown, they are a bigger target. Since OSX is UNIX based it is just as susceptible as Windows. In fact, on Feb 24 Apple had to issue an iOS7 patch due to the ‘Gotofail’ Security Bug. Stop Using Safari And Update your iPhone and iPad immediately. They will issue a patch for OSX soon. The "KitM" spyware infected MAC’s in May 2013 so do not believe one of the biggest Tech Myths out there. To answer your question - Sophos offers a free anti-virus for the MAC.

Question: If I ship a package, how does this info become "hacked knowledge" or perhaps I should say "who" revealed this. Was it within the database of the USPO or the shippers where the hacker would access such knowledge?

The scammers behind Cryptolocker blast these emails out to as many people as possible in the hopes that a few people will have shipped a package recently. If you're one of the unlucky people who have just shipped a package, and you get what looks like a legitimate tracking message, you'll be much more likely to click on a link before your skepticism kicks in.

Did... you just title this online safety article based on the Lil Jon song, Get Low?

Well played, FTC.

I can't agree with you any more. Backup is very very very god damn important for computer no matter Mac PC or Windows PC. As a developer of lots of data recovery tools, I am always asked by many people, "How can I get my file back?" I would like to help them, I would like to send them the software. But the problem is that not every time the software can 100% to get the data back 'cause there are so many different reasons which lead to data loss. Right? So I can only tell people is that backing up your important files. Right now, right away! So they don't need to bother anyone and ask the same question.

My wife and me have been hacked (they even decimated a 501(c)(3) ) that I founded to help people in chronic pain. We disconnected from the internet for over 3mos. and our 2 phone lines rang constantly. Even though charity donations were diverted to them, my credit cards were used to buy things no authority would help in any way. The final advise was to get a subpoena to force PayPal into telling us who opened a PayPal account inside our charity's account! PayPal refuses to tell us who they were. I can't find an attorney who will obtain the subpoena for an amount that is affordable. I feel now, after 2yrs of this non-stop that I am being stalked. Keep up all your anti-virus and anything else you can get. They can be seriously psychotic.

Leave a Comment

Comment Policy

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.