Alert: New Ransomware Spreading – Cryptolocker

Below you will find important information regarding a new ransomware that is coming through as attachments to certain emails. As of now this program is impossible to remove, can be very costly to remedy and can result in significant data loss. Please forward this link to your team members.

CryptoLocker is new a ransomware program that was released around the beginning of September 2013. It will encrypt certain files on your computer and when done, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 96 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins.

Unfortunately should you be infected with CryptoLocker, there is no way as of yet to retrieve the key to decrypt your files.

HOW DO YOU BECOME INFECTED

This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.

An example Zbot/CryptoLocker email message is:

From: John Doe
Sent: Tuesday, October 15, 2013 10:34 AM
To: Jane Doe
Subject: Annual Form - Authorization to Use Privately Owned Vehicle on State Business
All employees need to have on file this form STD 261 (attached). The original is retained by supervisor and copy goes to Accounting. Accounting need this form to approve mileage reimbursement.
The form can be used for multiple years, however it needs to re-signed annually by employee and supervisor.
Please confirm all employees that may travel using their private car on state business (including training) has a current STD 261 on file. Not having a current copy of this form on file in Accounting may delay a travel reimbursement claim.

Avoid opening files of this nature or any email from an entity you do not know. DO NOT open the attachment. If you are unsure about an email, call our help desk. We can log in to your computer and help you identify the risk. As always, ensure you are backing up all of your data regularly.


Leave a comment!

You must be logged in to post a comment.