We’ve already sent an email out to clients about this malicious virus, but we wanted to advise all companies to watch for Cryptolocker.
What is ransomware?
Ransomware is a class of malware that restricts access to the computer system it infects, and demands a ransom be paid to the creator of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system’s hard drive (cryptoviral extortion), while other forms of the virus may simply lock the system and display messages intended to coax the user into paying.
What does Cryptolocker do?
Once Cryptolocker infects a workstation, laptop, device, or server, the virus immediately:
1. Attacks any existing antivirus program and renders the antivirus software useless.
2. Encrypts data on any attached drives (internal, USB and network) with dual encryption. Each file is encrypted, then the entire batch of files is encrypted a second time. Currently, there is no way to decrypt the files.
3. Asks for a credit card payment via pop-up windows to resolve the problem. Some versions unlock the files, some do not, but all versions expose credit card data to fraud risk.
Cryptolocker infects a computer, device or network through all the major known security holes, including Java, Flash, website pop-up windows, and email attachments. It has even been found attached to several known Trojan viruses, like the ZeroAccess Trojan.
Do you have any recent examples?
We assisted a client last week who was majorly infected with Cryptolocker. We found that a user’s home PC was infected and was synced to her work desktop through a perceived “safe” app – Google Desktop. The system damage was catastrophic and unrepairable. Fortunately, due to their backup routine with VitalBackup, we were able to perform a system restore and get them back online in 20 minutes.
What can I do to protect my organization from this virus?
Most infections are caused by user behavior. Antivirus software, firewalls and spam filtering technologies help filter malicious files and significantly reduce the chances of infection.
To prevent infection:
1. Never download or open files from unknown email senders or websites. Just visiting a suspicious website can cause image files to be downloaded, so such sites should be avoided.
2. Stick to business on your work network – personal emails, devices, games, music, and movies are a common source of virus infections.
3. Back up your PCs and servers. Modern virus infections are typically so severe that repair is impossible. However, with good backups your system can be restored quickly and with minimal loss.