There is a new threat out on the internet called Crypto Locker. The Crypto Locker virus is considered to be one of the most historically devastating viruses to date: it holds your computer’s data hostage until you pay a ransom or decide that you can live without it.
Crypto Locker comes in the door through social engineering. Usually the virus payload hides in an attachment to a phishing message, one purporting to be from a business copier that is delivering a scanned image, from a major delivery service offering tracking information, or from a bank letter confirming a wire or money transfer.
This infection CAN COME IN ~70 FILE FORMATS/EXTENSIONS. Mostly, we have seen it in e-mails as .ZIP or .PDF attachments.
DO NOT open attachments in messages that appear to come from these sources.
What does it do?
After opening an infected file, this virus will infect a computer within an hour or so
It then encrypts all of the user data files on the computer (Word, Excel, PowerPoint, etc. documents)
Then, it moves on to encrypting all of the user data files on all shares (Server Data) that are connected to the computer
Finally, the screen turns red and the ransom message (pictured below) pops up informing the user that within 72 hours they have to pay $300 to decrypt the data
[Image: Crypto Locker ransom]
Once infected, what do I do?
You can restore your data from a known good backup, or
You can get a MoneyPak card, fill it with $300, and pay the ransom (this has worked for some, but not all, users)
How do I prevent it? Can you protect me?
Sophos Antivirus is catching it, but will NOT prevent hostile encryption
Remove access/permissions for installing programs on local computers
Download and install CryptoPrevent (a Crypto Locker prevention kit)
IntellecTechs is currently scanning e-mails and implementing restriction policies for our clients. We are also in the process of deploying CryptoPrevent in hopes of preventing any further infection.
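One way to screen incoming mail for the ZIP attachments described above, as an added example (not IntellecTechs' or CryptoPrevent's code): it flags attachments, and members of ZIP attachments, whose file type runs code when opened. The extension list, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed screening list (not from the original page): types that run code when opened.
RISKY_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def risky_name(name):
    """True if the file name ends in an extension from RISKY_EXTS."""
    name = name.lower().rstrip(". ")  # Windows ignores trailing dots and spaces
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in RISKY_EXTS

def screen_message(raw):
    """Return (attachment name, reason) findings for one raw e-mail message."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        fname = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if risky_name(fname):
            findings.append((fname, "executable attachment"))
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:  # encrypted member cannot be inspected
                        findings.append((fname, f"encrypted member: {info.filename}"))
                    elif risky_name(info.filename):
                        findings.append((fname, f"executable inside archive: {info.filename}"))
    return findings

def build_sample(member_name):
    """Constructed sample: a message with a ZIP attachment holding one harmless member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["From"] = "copier@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Scanned image"
    msg.set_content("Please see the attached scan.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="scan_0001.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for member in ("scan_0001.exe", "scan_0001.pdf"):
        print(member, "->", screen_message(build_sample(member)))
```

A mail gateway would quarantine any message for which `screen_message` returns findings; a clean result only means no listed file type was found, not that the attachment is safe.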
Please educate yourself and do NOT open any attachments from unknown senders; also, be sure to check in with known/trusted senders to ensure they have intentionally sent you an attachment before opening it (as they may already be infected and spreading the virus unknowingly).
IntellecTechs strongly recommends that you download and install CryptoPrevent (the download link is at the bottom of the page). If you have been infected or are having trouble implementing protection methods for yourself or your business, please call us at (757) 962-2487 or e-mail us at firstname.lastname@example.org.