There is a new and very serious piece of ransomware named CryptoLocker which is currently circulating on the Internet.
The work of sophisticated criminals, it evades most anti-virus and anti-spyware software and encrypts the data on your computer and on any network shares it can reach, making that data inaccessible.
The delivery is clever and very malicious.
CryptoLocker is known to be spreading via three methods:
- Attached to emails which pretend to be customer-support notices from FedEx, UPS, USPS, banks and the like. When the attachment is opened, it infects the computer.
- Via exploit kits hosted on hacked web sites, which exploit security vulnerabilities on your computer to install the infection without any further action on your part
- Through Trojans which pretend to be programs required to view online videos
You should NOT open any attachment you are not 100% confident is safe or click any unexpected or suspicious links sent to you from others. These messages should be deleted immediately if received.
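The first delivery method above is the one a mail gateway can stop before a user ever sees the message. The following is an added example, not code from the original article or from any product the authors operate: it parses a constructed lure message in the style described (a "FedEx" notice carrying an executable attachment) and classifies each attachment by filename. The extension lists and the double-extension heuristic (a name such as "Label.pdf.exe", which Windows Explorer shows as "Label.pdf" when known extensions are hidden) are this example's own assumptions about what such lures look like, not details stated on the page.

```go
package main

import (
	"fmt"
	"io"
	"mime"
	"mime/multipart"
	"net/mail"
	"path"
	"strings"
)

// Extensions Windows runs on a double-click. Assumed list for this example.
var executableExt = map[string]bool{
	".exe": true, ".scr": true, ".com": true, ".pif": true,
	".bat": true, ".cmd": true, ".js": true, ".vbs": true,
}

// Document-looking extensions an attacker puts in front of the real one
// ("Label.pdf.exe") so Explorer shows "Label.pdf" when extensions are hidden.
var documentExt = map[string]bool{".pdf": true, ".doc": true, ".docx": true, ".xls": true, ".txt": true}

// Archives cannot be judged by name; their members need the same checks.
var archiveExt = map[string]bool{".zip": true, ".rar": true, ".7z": true}

// Finding is one attachment the gateway should act on.
type Finding struct {
	Filename string
	Verdict  string // "block" or "inspect"
	Reason   string
}

// ClassifyFilename decides from the name alone: "block" for anything Windows
// would execute, "inspect" for archives, "allow" otherwise. The name is
// lower-cased first so "LABEL.PDF.EXE" is caught as well.
func ClassifyFilename(name string) (verdict, reason string) {
	lower := strings.ToLower(name)
	ext := path.Ext(lower)
	switch {
	case executableExt[ext]:
		if inner := path.Ext(strings.TrimSuffix(lower, ext)); documentExt[inner] {
			return "block", "executable disguised as a document by a double extension (" + inner + ext + ")"
		}
		return "block", "executable attachment (" + ext + ")"
	case archiveExt[ext]:
		return "inspect", "archive may hide an executable; classify its members before delivery"
	}
	return "allow", ""
}

// ScanMessage parses a raw RFC 5322 message and classifies every MIME part
// that carries a filename. Nested multipart bodies are not descended here.
func ScanMessage(raw string) ([]Finding, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	mediaType, params, err := mime.ParseMediaType(msg.Header.Get("Content-Type"))
	if err != nil {
		return nil, err
	}
	if !strings.HasPrefix(mediaType, "multipart/") {
		return nil, nil // single-part message: nothing attached
	}
	mr := multipart.NewReader(msg.Body, params["boundary"])
	var findings []Finding
	for {
		part, err := mr.NextPart()
		if err == io.EOF {
			break
		}
		if err != nil {
			return nil, err
		}
		name := part.FileName()
		if name == "" {
			continue // body text, not an attachment
		}
		if verdict, reason := ClassifyFilename(name); verdict != "allow" {
			findings = append(findings, Finding{Filename: name, Verdict: verdict, Reason: reason})
		}
	}
	return findings, nil
}

// SampleMessage is a constructed lure in the style the text describes: a
// "FedEx" notice whose attachment is an executable with a .pdf.exe name.
// The base64 body is a few placeholder bytes, not a real program.
var SampleMessage = strings.ReplaceAll(strings.TrimPrefix(`
From: "FedEx Customer Support" <support@example.invalid>
To: accounts@example.invalid
Subject: Delivery failure notification
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="lure-boundary"

--lure-boundary
Content-Type: text/plain; charset=us-ascii

Your parcel could not be delivered. Print the attached label and bring it to the depot.
--lure-boundary
Content-Type: application/octet-stream; name="FedEx_Label.pdf.exe"
Content-Disposition: attachment; filename="FedEx_Label.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--lure-boundary--
`, "\n"), "\n", "\r\n")

func main() {
	findings, err := ScanMessage(SampleMessage)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s: %s (%s)\n", f.Verdict, f.Filename, f.Reason)
	}
}
```

Running it prints one line, "block: FedEx_Label.pdf.exe (executable disguised as a document by a double extension (.pdf.exe))". A real gateway would also open archives and apply the same classification to their members, since wrapping the executable in a zip is the obvious way around a filename rule.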
What happens if you become infected with CryptoLocker?
When the infection becomes active on your computer, it scans your local and networked drives for documents, pictures, and other commonly used file types. It encrypts each file with AES and protects the AES key with an RSA public key; the matching private key, the only thing that can unlock the files, is never stored on your computer but is held on the attackers' server.
Once all of your data has been encrypted, a screen is typically displayed containing a ransom note with instructions on how to decrypt your files. In some cases the message has been reported to purport to come from a law enforcement agency, claiming that the business concerned had broken the law. Depending on the version, the ransom amount varies. The program also displays a countdown stating that you must pay the ransom within 72 hours and that failure to do so will cause the private key to be destroyed, leaving your data completely and permanently inaccessible.
Reports on ransomware infections show that even paying the ransom does not always unlock your files. Paying also hands personal and payment details to the extortionists, which may cause further problems and puts your name on a list of known "good targets". The way to avoid paying this extortion fee is to follow safe computing rules and always have a good backup in place.
Unfortunately, at this time there is no other way to obtain the decryption key: the private key is held by the attackers and is never stored on your computer. Brute-forcing it is not realistic, as a key of this length cannot be recovered by trying candidates in any useful amount of time. None of the decryption tools released so far by various companies work with this infection. The only current remedy after infection is to restore your files from a backup. Prevention is the best course of action to protect yourself and your business.
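The two paragraphs above (how the files are encrypted, and why the key cannot be recovered from the infected machine) describe a standard hybrid-encryption scheme. The following is an added example written for this page, not CryptoLocker's code and not anything published by the authors: it models the scheme on an in-memory byte string using Go's standard library, with AES-256-GCM for the file and RSA-OAEP for wrapping the per-file key, and shows that the wrapped key is useless without the private half of the RSA pair. The 2048-bit key size, the GCM mode and the OAEP padding are this example's choices for a sound construction, not details the page states about the real malware.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncryptedFile is what the victim is left with in place of each original
// file: the AES-GCM ciphertext plus the per-file AES key wrapped with the
// attackers' RSA public key. Nothing here can be turned back into the file
// without the matching RSA private key.
type EncryptedFile struct {
	WrappedKey []byte // random AES-256 key, encrypted with RSA-OAEP
	Nonce      []byte // AES-GCM nonce for this file
	Ciphertext []byte // AES-GCM output, authentication tag included
}

// EncryptFile models the infection side of the scheme. A fresh random
// AES-256 key is used for each file and is then wrapped with the public key.
// Only the public key is ever present on the victim's machine.
func EncryptFile(pub *rsa.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	// The plaintext AES key is discarded: the only copy that survives is the
	// wrapped one, and unwrapping it needs the private key the attackers hold.
	for i := range fileKey {
		fileKey[i] = 0
	}
	return &EncryptedFile{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// DecryptFile models the "decryption tool" the ransom note offers. It is
// useless without the right private key: OAEP unwrapping fails and no AES
// key is ever recovered, so the ciphertext cannot even be attempted.
func DecryptFile(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ef.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap file key: wrong or missing private key")
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}

func main() {
	// Key pair generated on the attackers' server; only PublicKey travels with the malware.
	attacker, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	original := []byte("Q3 payroll spreadsheet (constructed sample data)")
	ef, err := EncryptFile(&attacker.PublicKey, original)
	if err != nil {
		panic(err)
	}
	// A defender who only has the victim's disk has no private key at all;
	// a freshly generated pair stands in for any guess they might make.
	guess, _ := rsa.GenerateKey(rand.Reader, 2048)
	if _, err := DecryptFile(guess, ef); err != nil {
		fmt.Println("without the attackers' private key:", err)
	}
	recovered, err := DecryptFile(attacker, ef)
	if err != nil {
		panic(err)
	}
	fmt.Printf("with the attackers' private key: %q\n", recovered)
}
```

The point the code makes is the one the text makes: the infected disk holds the ciphertext and a wrapped key, and neither contains anything a defender can work backwards from, which is why a backup taken before the infection is the only recovery path.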
“But It Couldn’t Happen To Me”
ABC News reports that in 2012 police received reports of more than 30 attacks in Australia, but suspect there have been many more. They also report that ransomware attacks are on the rise. It is predominantly businesses that have been affected, but home users are not immune.
In Europe it is estimated there are 20,000 ransomware attacks each day.
This is a genuine threat which ALL businesses need to take steps to protect themselves from.
How do I prevent infection?
Updates are continually being released for antivirus software, spam filters and other network defences to try to keep this threat at bay, but users are the last line of defence. When in doubt, be safe and delete suspicious emails. Educate your co-workers and staff. Call the sender if you think a message may be legitimate and requires your attention. Or contact our support team, who will be happy to help you review any suspicious emails or websites.
Again, the key to recovering from this malware (if a network machine becomes infected) is having good and recent backups of all data.
Additionally, for our fully managed customers we are putting in place measures to prevent this ransomware from launching on a workstation should it make its way into your systems.
If you need advice on how to protect yourself against these threats or want an audit of your backups to ensure you could recover from such an attack, please give us a call on 07 3003 1108 to discuss.