Below you will find important information regarding a new ransomware that is coming through as attachments to certain emails. As of now this program is impossible to remove, can be very costly to remedy and can result in significant data loss. Please forward this link to your team members.
CryptoLocker is new a ransomware program that was released around the beginning of September 2013. It will encrypt certain files on your computer and when done, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 96 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins.
Unfortunately should you be infected with CryptoLocker, there is no way as of yet to retrieve the key to decrypt your files.
HOW DO YOU BECOME INFECTED
This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.
An example Zbot/CryptoLocker email message is:
Avoid opening files of this nature or any email from an entity you do not know. DO NOT open the attachment. If you are unsure about an email, call our help desk. We can log in to your computer and help you identify the risk. As always, ensure you are backing up all of your data regularly.