The CryptoLocker Virus is a relatively new piece of RansomWare/MalWare, only appearing in the wild in Sept. Since then it has already been further developed to be more effective at its job: extorting money from innocent people. Typically, the infection is spread through emails sent to company email addresses that pretend to be customer-support related issues from FedEx, UPS and even HMRC. These emails contain a zip attachment that, when opened, will infect the computer. The zip files actually contain executables disguised as PDF files; they even have a PDF icon. They are typically named something like FORM_101513.exe or FORM_101513.pdf.exe.
Once activated, the infection contacts controlling servers on the Internet and downloads an encryption key, then starts to encrypt the files on your PC. These include pictures, MP3s, movies, documents, spreadsheets and presentations, amongst others. The encryption method used is very strong, typically stronger than that used by banks, and cannot at this moment in time be cracked (decrypted). As it is stronger than the encryption used by banks (by a factor of 10), don’t expect it to be cracked any time soon, either!
Once the files have been encrypted, you are prompted to pay a ransom to be able to decrypt your files. The ransom varies depending on the variant of the infection, sometimes starting at 1 BitCoin*, sometimes 2 BitCoin, if you pay within 96/72 hours. At current exchange rates for Bitcoin, a 2 Bitcoin ransom is around £600. Once the deadline passes, if the ransom has not been paid, it typically rises to 10 times the original ransom, around £3000 at the time of writing.
If you have been infected and your files encrypted, unless you are willing to pay the ransom, the only response is to remove the infection and the infected files and restore your data from backup. If you have no backup, your data will be lost.
To prevent infection:
- Set a Software Restriction Policy on your machine which will block the running of code from temporary file locations (like the browser cache).
- DO NOT OPEN unsolicited email attachments – even if you ARE expecting an attachment, do not open it directly from the email. Save the file to your Desktop and run an AV scan on it BEFORE opening.
- Ensure your AV product is installed and up to date.
- Install a Web Filter – these products work in conjunction with your AV product. If anything DOES get past your AV, the Web Filter will block any further malicious code from being downloaded onto your machine.
- Install the additional tools that are beginning to emerge from AV vendors to monitor and block suspicious file system activity.
- Ensure your backup of important files is current and up to date (and test that you can restore files too!)
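The intro describes the lure as a zip attachment holding an executable with a document-looking name such as FORM_101513.pdf.exe, and the advice above is to save and scan an attachment before opening it. The following is an added example, not code from Cloud Info Tec or from this post, of what such a scan can check without running anything: it lists the members of a zip archive and flags names with a double extension ending in an executable type, and contents that start with the Windows PE "MZ" header while the name claims to be a document. The extension lists and the sample archive are constructed for the example; the .pdf.exe name comes from the post.

```python
import io
import zipfile

# Extensions Windows will execute directly (constructed list, not exhaustive).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document types a lure commonly pretends to be; the post's example is .pdf.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def inspect_member_name(name):
    """Return reasons the member name looks like a disguised executable."""
    reasons = []
    base = name.rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    if len(parts) < 2:
        return reasons
    final_ext = "." + parts[-1]
    if final_ext in EXECUTABLE_EXTENSIONS:
        reasons.append("executable extension " + final_ext)
        # FORM_101513.pdf.exe style: a document extension sits in front of the real one,
        # so a machine that hides known extensions shows only "FORM_101513.pdf".
        if len(parts) >= 3 and "." + parts[-2] in DOCUMENT_EXTENSIONS:
            reasons.append("double extension disguised as ." + parts[-2])
    return reasons


def inspect_member_content(name, head):
    """Return reasons the first bytes of a member disagree with its extension."""
    reasons = []
    base = name.rsplit("/", 1)[-1].lower()
    ext = "." + base.rsplit(".", 1)[-1] if "." in base else ""
    # "MZ" is the DOS/PE header every Windows executable starts with.
    if head[:2] == b"MZ" and ext not in EXECUTABLE_EXTENSIONS:
        reasons.append("PE header (MZ) but extension " + (ext or "<none>"))
    # A real PDF starts with "%PDF"; an executable renamed to .pdf does not.
    if ext == ".pdf" and not head.startswith(b"%PDF"):
        reasons.append("claims .pdf but lacks %PDF magic")
    return reasons


def inspect_zip_attachment(zip_bytes):
    """Scan every member of an in-memory zip; return {member: [reasons]} for suspicious ones."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(8)  # only the magic bytes are needed
            reasons = inspect_member_name(info.filename) + inspect_member_content(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_attachment():
    """Constructed sample archive: a .pdf.exe lure, a genuine PDF, and an executable renamed to .pdf."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FORM_101513.pdf.exe", b"MZ\x90\x00 fake PE stub for the example")
        zf.writestr("STD_261.pdf", b"%PDF-1.4 harmless constructed document")
        zf.writestr("invoice.pdf", b"MZ\x90\x00 executable carrying a document name")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in inspect_zip_attachment(build_sample_attachment()).items():
        print(member, "->", "; ".join(reasons))
```

Run against the constructed archive it reports FORM_101513.pdf.exe and invoice.pdf and stays silent on the genuine PDF. Checking the magic bytes as well as the name matters because a mail gateway or user that only looks at the final extension is exactly what the double-extension trick is designed to fool.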
If you need ANY assistance in setting any of these items up, feel free to call on 07411 431992 or to use the contact form here
Signs of infection:
An example CryptoLocker email message:
From: John Doe [mailto:John@mydomain.com]
Sent: Tuesday, October 15, 2013 10:34 AM
To: Jane Doe
Subject: Annual Form – Authorization to Use Privately Owned Vehicle on State Business
All employees need to have on file this form STD 261 (attached). The original is retained by supervisor and copy goes to Accounting. Accounting need this form to approve mileage reimbursement.
The form can be used for multiple years, however it needs to re-signed annually by employee and supervisor.
Please confirm all employees that may travel using their private car on state business (including training) has a current STD 261 on file. Not having a current copy of this form on file in Accounting may delay a travel reimbursement claim.
The CryptoLocker software in action:
Cloud Info Tec has already seen one customer infected with this software; as a result of not having a backup, the customer ended up having to purchase 2 BitCoins, at a cost of over £600, to recover their family photos and business-related documents. The fact that it was only released a little over 2 months ago and has already been reported on by mainstream media (BBC news reports over the weekend of 16/17 Nov suggested over 10 million infections) shows that it is moving quickly, infecting a lot of machines and causing a lot of issues.
Please be vigilant and on your guard for this piece of MalWare; it IS a nasty piece of work!
*BitCoin is a CryptoCurrency, used on the Internet for anonymous transactions. It uses a decentralised model and the ‘coins’ are actually stored on the Internet in secure Wallets. It is mined (created) using special software and traded as a traditional currency would be. More info can be found here