A virus you don't want to catch
David Cole | Hagadone News Network | UPDATED 11 years AGO
COEUR d'ALENE - Its name is CryptoLocker.
"It's the most data destructive virus I have seen in my 25 years repairing computers," said Dennis Edelbrock, owner and operator of Computer Guy in Hayden. "The evil geniuses who spawned this terror are probably located in China or Russia."
He said the hybrid virus - part virus and part malware - is an "evil work of art."
It is normally distributed through email attachments, mostly as .ZIP file attachments, which show up as a small manila folder icon, or as a fake Adobe PDF file.
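The distribution vector described above (a .ZIP attachment hiding an executable, or a file dressed up as a PDF) is exactly what a mail gateway or help desk can screen for before anyone clicks. The following is an added example written for this page, not code from the article or from any product mentioned in it. It assumes a small list of Windows-executable extensions, uses the "MZ" header that Windows executables begin with, and inspects ZIP members in memory rather than extracting them to disk; it also goes slightly beyond the article by recursing into nested archives with a depth cap and a size cap so a crafted archive cannot exhaust the scanner. All sample attachments are constructed stand-ins, not real malware.

```python
import io
import zipfile

# Attachment types Windows will run directly when double-clicked.
# Assumption: a reasonable starting list for illustration, not one from the article.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document types an executable commonly impersonates with a double extension (assumption).
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}
MAX_ZIP_DEPTH = 2                     # stop recursing into archives nested inside archives
MAX_MEMBER_BYTES = 20 * 1024 * 1024   # refuse to inflate very large members in memory


def _extensions(filename):
    """Return (last_ext, second_to_last_ext) in lowercase, e.g. ('.exe', '.pdf')."""
    base = filename.lower().replace("\\", "/").split("/")[-1].split("!")[-1]
    parts = base.split(".")
    last = "." + parts[-1] if len(parts) > 1 else ""
    prev = "." + parts[-2] if len(parts) > 2 else ""
    return last, prev


def screen_attachment(filename, content, depth=0):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    findings = []
    ext, prev_ext = _extensions(filename)

    if ext in EXECUTABLE_EXTENSIONS:
        findings.append(f"{filename}: directly executable attachment ({ext})")
        # Windows hides known extensions by default, so 'invoice.pdf.exe' displays as 'invoice.pdf'.
        if prev_ext in DOCUMENT_EXTENSIONS:
            findings.append(f"{filename}: double extension disguises executable as {prev_ext}")

    if ext in DOCUMENT_EXTENSIONS and content[:2] == b"MZ":
        # 'MZ' is the DOS header every Windows PE executable starts with.
        findings.append(f"{filename}: named {ext} but content is a Windows executable")
    elif ext == ".pdf" and not content.startswith(b"%PDF"):
        findings.append(f"{filename}: named .pdf but lacks the %PDF header")

    if ext == ".zip":
        if depth >= MAX_ZIP_DEPTH:
            findings.append(f"{filename}: archive nested deeper than {MAX_ZIP_DEPTH} levels")
            return findings
        try:
            with zipfile.ZipFile(io.BytesIO(content)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    if info.file_size > MAX_MEMBER_BYTES:
                        findings.append(f"{filename}: member {info.filename} too large to inspect")
                        continue
                    inner = zf.read(info)
                    # Recurse so members get the same double-extension, fake-PDF and nested-zip checks.
                    findings.extend(screen_attachment(f"{filename}!{info.filename}", inner, depth + 1))
        except zipfile.BadZipFile:
            findings.append(f"{filename}: named .zip but is not a valid archive")
    return findings


def build_samples():
    """Constructed sample attachments (not real malware): tiny stand-ins for the cases above."""
    fake_pe = b"MZ" + b"\x00" * 62          # just a DOS header, nothing runnable
    real_pdf = b"%PDF-1.4\n%%EOF\n"
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w") as zf:
        zf.writestr("Invoice_2013.pdf.exe", fake_pe)   # the classic double-extension lure
    return {
        "quarterly_report.pdf": real_pdf,     # benign
        "scan.pdf": fake_pe,                  # PDF by name, executable by content
        "shipping_label.zip": zip_buf.getvalue(),
    }


def screen_mailbox(attachments):
    """Screen every attachment and map its name to the findings (possibly empty)."""
    return {name: screen_attachment(name, data) for name, data in attachments.items()}


if __name__ == "__main__":
    for name, findings in screen_mailbox(build_samples()).items():
        print(name, "->", findings or "clean")
```

The name-versus-content check is the one that matters most: an icon or a file name is trivially spoofed, while the first bytes of the file are not, so a gateway should quarantine on the header mismatch rather than on the extension alone.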
"Once clicked on, the user sees no response immediately," Edelbrock said. "However, in the background, it is encrypting every piece of data in your computer."
Once the encrypting is complete, a ransom warning will appear on the infected computer's monitor.
The warning says the files are encrypted and that, to recover them, money must be sent via a Green Dot MoneyPak. Edelbrock has heard of ransom amounts of $300.
The Department of Homeland Security's U.S. Computer Emergency Readiness Team, or US-CERT, said victims are told they have three days to pay the ransom through a difficult-to-trace payment method like MoneyPak. Some victims claim they paid the money, but were still unable to decrypt their files.
The federal agency is encouraging computer users not to respond to extortion attempts by attempting payment, and to instead report the incident online to the FBI at the Internet Crime Complaint Center, www.ic3.gov.
"The encryption used is the most sophisticated type known to man," Edelbrock said. "It uses the same level of encryption used by the banking industry and (the National Security Agency)."
He said the best way to be protected is to have a good backup of the data, to keep anti-virus and anti-malware products up to date, and not to click on any email attachment that is not 100 percent recognized.
US-CERT suggests those who believe their computers are infected with CryptoLocker malware take the following steps:
* Immediately disconnect the infected system from the wireless or wired network. This may prevent the malware from encrypting any more files on the network.
* Change all passwords after removing the malware from the system.
* Consult with a reputable security expert to assist in removing the malware. Users can also retrieve encrypted files by the following methods: restoring from backup, restoring from a shadow copy or performing a system restore.
Edelbrock recommends that those who are hit with the virus contact an IT/computer professional right away. He also suggests that after decryption, users copy all of the files to an external drive, reformat the computer, reinstall everything, and then reload the data.
"We can't be sure that there isn't another infection hiding somewhere in the bowels of your computer software that will appear later on," Edelbrock said.