I’m back!

I’m lurching back from the brink of technological oblivion, dear Reader.  I’ve been hacked, malware loaded, threatened with a ransom and left to shrivel in a dark cave with my encrypted Microsoft files.

One morning, two weeks ago, I awakened my sleeping pc only to be accosted with this huge, red box.   CryptoLocker had hijacked my computer, and I had only one option: PAY UP!

In the red box, a malevolent digital clock ticked away the minutes remaining before all my files would be locked – “irretrievably,” warned the box.  I had only one choice, the screen text insisted; go to the web address listed or click the blue button.  I would be connected to someone or something that would take my credit card information, charge me $300, and release my files.

 Mistake #1: I had, two or three days earlier, opened an email from the “USPS” and clicked the attached “Undeliverable Package” receipt.

Yes, I know, “Stupid!”  I’d gotten hundreds of similar phishing messages through my inbox.  I’d ignored them, deleted them, chuckled in bemused arrogance.  But not this time…

I was rushing.  I wanted to clean-up my Inbox before I left to teach. I wanted to get out of there!  Read the subject line; open the email; skim the content; Delete or move on.

  Delete or move on… Delete or …

As my cursor slid over the attachment icon and my finger clicked I KNEW I was making a mistake.  That split second my buzzing brain yelled, “What the  heck are you doing, Girl?!?!”

But, it was too late…

Or was it?  Nothing happened!  My screen didn’t go black. I saw no document or message.  “Ah, I sighed. You almost made a dumb mistake. No harm, no foul.” 

Boy, was I wrong…

Mistake #2: Perhaps, if I’d taken action to protect myself right away, I could have limited the damage to our system.  But, I didn’t…

I could have turned off my computer, disconnected my pc from our networked computers, run our spyware programs just to check for any invasive software, called my in-house computer guru, Larry in and described what had happened so he could check for damage.

But, I didn’t… 

Instead, I sighed, scooped up my briefcase and left. 

While I went my merry way, CryptoLocker was worming its way through my computer and the network, including two other computers. It made no sound, disturbed nothing visibly. But the virus searched out and encrypted every Microsoft Office document saved on our system. Every WORD, every PowerPoint, every Excel file – LOCKED. 

For 48 hours this malware ground away… and then, the red-box-of-death appeared.  When I saw it that morning, I tried to remain calm.  We had a service in place to protect us.  I’d call them immediately for help.

Mistake #3:  I clicked my Explore search engine on my pc and typed in McAfee’s web address.  Up popped the page – or so I thought.  The photo of a smiling, professional face wearing a headset; an 800-number in bold print; the McAfee logo and verbage.  “All would be well,” I thought.

It would take an hour’s phone time with the NOT-McAfee “tech support” people (3 different, deeply accented voices) before I’d finally get it.

I had not gotten to the legitimate McAfee web site; I was not speaking with real IT people; they were not going to help me resolve my CryptoLocker catastrophe. 

My computer belonged to them!  Everything I saw was plastered on my pc screen by the invaders.  The phone number I dialed connected me with the very people who had control of my files.  They were not going to help me.  They were going to get my credit card information any way they could.

When I finally came to my senses and disconnected my phone, I surveyed the damage.  I’d introduced the CryptoLocker virus onto my pc.  I had not taken action to stop any damage, and the damage was done. All our document files were corrupted – probably forever.  I’d wasted an hour talking to the very people who’d caused my problem, and I’d allowed them onto my pc while they “helped” me. 

Over the next 48 hours: We had to clean off the CryptoLocker malware from our system, with the invaluable help from the real McAfee technicians.  We struggled without success to unlock the encryption on our files and documents. We updated and upgraded all our security services.

And now…  now we are slowly, painstakingly rebuilding our files and documents…   from back-ups that are two years old.  (Yes, that’s 2 years – 24 months – 730 days old!)

Mistake #4:  While we’d kept careful back-ups of our system’s software, we had not done a full back-up of our documents in a very long time.  (A lot of work  goes on in two years.)

Now, we are doing daily back-ups of our documents and files.

And that, patient Reader, is my sad tale of woe. 

I share my humiliation and headaches with you so that, perhaps, it may serve as another of those cautions that plant themselves somewhere in our subconscious.  And, one busy day, when you’re tempted to open that attachment or listen to that confident voice on the other end of the phone line… you’ll STOP and remember my ordeal. 

When in doubt – DON’T!!!