A wave of malware has recently come to our attention. The malware, known as CryptoLocker, can have potentially devastating consequences if a user becomes infected.
CryptoLocker is spread as an attachment to spam emails that disguise themselves as coming from credible sources, such as banks, building societies, Sage, FedEx, etc. The infection occurs when a user receives the email and opens the attachment.
The CryptoLocker ransomware works by initially displaying a window that looks similar to the image below:
CryptoLocker then gets to work encrypting all of the files that it can find on your PC or server, as well as files on the server that it can reach via your shared drives, such as the P drive, making all of these files inaccessible.
CryptoLocker demands a ransom of hundreds or thousands of dollars in order to unlock the files it has encrypted. The type of encryption used makes reversing the encryption almost impossible without what is known as a private key, which CryptoLocker's operators keep on their servers and provide to you when the ransom is paid. There is a time window in which to pay the ransom (usually between 72 and 100 hours), after which the private key is removed from CryptoLocker’s servers and your files become permanently encrypted. The only way of retrieving these files is from a backup. Without an effective backup, the only way of retrieving the files is to pay these criminals the extortionate ransom. We have read reports that paying this ransom does provide a key which can be used to decrypt the files, but we cannot be sure of this. These people are criminals and cannot be trusted.
CryptoLocker is one of the most destructive forms of malware in recent years, and the consequences of becoming infected are potentially catastrophic. Whilst we have taken additional precautions to ensure that users are not infected by attachments received via our mail servers, it is still possible for the infection to originate from other sources, such as personal or additional email accounts (for example Gmail, Hotmail and Yahoo accounts). The infection may also spread through other means, such as USB drives or downloading files from unknown or untrusted websites.
We urge users to be extra vigilant when receiving emails with attachments, and also with the files they download from the internet. We recommend the following measures to help prevent infection and to help ensure the integrity of your data in the event of any issue:
• Banks and building societies will never email you zip attachments regarding your account. Genuine emails from your bank or building society will always address you by your full name, and not, for example, Dear Customer, or Dear *username*. This is usually the first sign that the email is spam. Banks and building societies will send you postal letters regarding personal information and your account.
• If you are not expecting the email, for example if you receive an email from FedEx regarding your shipment, and you haven’t shipped anything using FedEx, or it is from an unknown source, it is likely to be a spam email.
• If you are unsure, always ask. You can contact us using any method convenient for yourself. We can verify if the email is genuine or not.
• Make sure your important files are stored on the server, and not on your desktops. Files that are stored on PCs are not backed up by us. If you perform your own file backups on your PC, please make sure that backups are performed to external media such as USB drives, and that these are only plugged in when performing backups. If USB drives are plugged in when a PC is infected, the files on the drive will also become encrypted. If you use cloud storage such as Dropbox, make sure you also back these files up.
• If you suspect or find that your personal machine is infected, do not use USB drives in that PC and then transfer the data to your PC in the office. This can cause the infection to spread.
• Do not forward emails with attachments from unknown, unexpected or untrusted sources.
• If your antivirus software, or any other software installed on your PC such as Adobe Reader, is alerting you that it is outdated or requires an update, run the update or contact us so we can perform the update for you. Updating programs ensures that security patches are applied, closing holes that viruses may exploit if left unpatched.
• Scan PCs and servers regularly.
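The following Python example is added here and is not part of the original advisory or of any product it names. It shows how a mail filter could flag the executable and zip attachments described above before they reach a user; the extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed list of extensions Windows runs directly; adjust to local policy.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def risky_members(zip_bytes):
    """Return the names inside a zip archive that have an executable extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        # A zip that cannot be inspected is treated as suspicious, not as clean.
        return ["<unreadable zip>"]
    return [n for n in names if n.lower().endswith(EXECUTABLE_EXTS)]

def screen_message(raw):
    """Return (attachment name, reason) findings for one raw email message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(EXECUTABLE_EXTS):
            findings.append((name, "executable attachment"))
        elif name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04":
            # Also catches zips sent under a misleading file name.
            findings.extend((name, "zip contains " + m) for m in risky_members(data))
    return findings

def build_sample():
    """Constructed sample: a fake 'bank' email with a zip holding a dummy .exe name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("statement.exe", b"placeholder text, not a real program")
    msg = EmailMessage()
    msg["From"] = "accounts@bank.example"
    msg["To"] = "user@office.example"
    msg["Subject"] = "Dear Customer, your statement"
    msg.set_content("Please see the attached statement.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Statement.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in screen_message(build_sample()):
        print("QUARANTINE:", finding)
```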
We encourage business users to invest in a proactive firewall such as a WatchGuard. These can start from as little as £50 per month, which includes Gateway anti-virus protection, live security services and web blocker.
For further information on CryptoLocker, please see the following: