CryptoLocker

What is it?

CryptoLocker is a form of malware known as “ransomware” that was released in September of 2013. It targets all current versions of Microsoft Windows. Its purpose is to encrypt commonly used file types, including all Microsoft Office documents and picture files. If you see a screen like the one below, you have already been infected. Once the infection takes place and files are encrypted, the only way (apart from restoring from a backup) to decrypt the files is to pay a ransom to the creator of the virus. The ransom can reportedly cost between $300 and $2000. While paying does successfully remove the encryption and restore your files, needing to pay a ransom to maintain access to your computer or network’s data is not something anyone wants to do.

Where does it come from?

The primary source of this ransomware is via email. Generally the messages masquerade as being from UPS, FedEx, DHL, American Express, or others. The email will have an attachment that may appear to be a PDF file, a ZIP file, or an EXE file. The message generally indicates that there is some urgent matter that requires the opening of the attachment.

How can you protect yourself?

As with all malware, antivirus is somewhat effective. An infection such as CryptoLocker is being updated and changed by its creators at a rapid pace, which allows it to slip past the virus definitions in many instances. In any case, it is never a bad idea to make sure that your antivirus is up-to-date and that you have the latest version installed. If you would like us to verify this for you, do not hesitate to reach out to us by e-mailing support@fireflykc.net.

Another level of protection that can be employed is the use of a spam filtering service for your email. At Firefly, we use a Barracuda Spam Filter and have already seen it filter numerous instances of this virus prior to arriving on client e-mail systems. As with antivirus, the issue becomes that a rapidly changing infection can sometimes make it past this line of defense.

The best way to protect yourself and your business is education. The biggest thing to watch out for is e-mails from companies such as UPS, DHL, FedEx, AMEX, etc. with attachments of the .zip, .pdf, or .exe file type. None of these services send e-mails with those types of attachments, and such messages should immediately be deleted. If you suspect that an e-mail might even potentially be suspicious, do not open it. You can always e-mail our support team at support@fireflykc.net to ask whether something is legitimate, and we will check for you.
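The rule of thumb above (a shipping or card brand in the sender name plus a .zip/.pdf/.exe attachment) can be turned into an automated mailbox triage check. This is an added example, not code from Firefly or from any spam filter product; the brand list, the sample message, and the `should_quarantine` function are all constructed here for illustration.

```python
"""Flag e-mails that match the CryptoLocker lure pattern described above."""
import email
from email import policy
from email.message import EmailMessage

# Brands the lures impersonate, per the advisory (constructed lookup list).
IMPERSONATED_BRANDS = ("ups", "fedex", "dhl", "american express", "amex")
# Attachment types these senders never legitimately send, per the advisory.
RISKY_EXTENSIONS = (".zip", ".pdf", ".exe")


def is_risky_name(filename: str) -> bool:
    """True when the *final* extension is risky, so 'Invoice.pdf.exe' is
    caught by its real .exe suffix rather than the decoy .pdf in the middle."""
    return filename.lower().endswith(RISKY_EXTENSIONS)


def lure_reasons(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message matches the lure pattern."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    sender = (msg.get("From") or "").lower()
    brand = next((b for b in IMPERSONATED_BRANDS if b in sender), None)
    if brand:
        reasons.append(f"sender claims to be {brand}")
    risky = [p.get_filename() or "" for p in msg.iter_attachments()
             if is_risky_name(p.get_filename() or "")]
    if risky:
        reasons.append("risky attachment(s): " + ", ".join(risky))
    return reasons


def should_quarantine(raw: bytes) -> bool:
    """Quarantine only when BOTH signals are present: brand lure + risky file."""
    reasons = lure_reasons(raw)
    return any(r.startswith("sender") for r in reasons) and \
        any(r.startswith("risky") for r in reasons)


def build_sample(from_hdr: str, filename: str) -> bytes:
    """Construct a test message (not a real lure) with one attachment."""
    m = EmailMessage()
    m["From"], m["To"] = from_hdr, "user@example.invalid"
    m["Subject"] = "URGENT: delivery problem, see attached"
    m.set_content("Please open the attached document immediately.")
    m.add_attachment(b"\x00placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return bytes(m)
```

A real deployment would apply this at the mail gateway before delivery, so the message never reaches a user who might open it.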

As a business, if you would like us to increase the security policies within your network to attempt to prevent the current variants of CryptoLocker, open a ticket with us today by e-mailing support@fireflykc.net. The important thing to note, though, is that the protection may only work for a limited time with current variants of the infection. Additionally, some of the steps taken to prevent the infection from working in its current form may also negatively impact the use of legitimate software on your computer.

The last part of this discussion, and perhaps the most important, is how to protect yourself even if you do get the infection. The most complete insurance against a catastrophic data loss situation for your business or personal computer data is consistent, working backups. Our offsite backup service will allow us to restore files from a previous day, before the encryption took place. Other, more individual backup services, such as Dropbox, will allow for the same thing.

What to do if you are infected…

  1. Immediately disconnect your computer from the Internet
  2. If your antivirus prompts you to remove the infection, wait, do not proceed. If, for any reason, the ransom needs to be paid to restore files, removing the underlying infection can make that very difficult to do.
  3. Reach out to us at support@fireflykc.net or by calling 866.933.4359 and pressing Option 1.

Sources/More Information