Tech Alert: CryptoLocker Ransomware Infection

Oct 26, 2013   //   by admin

In early September, a new and very serious ransomware threat emerged. This threat holds the files on an infected computer hostage for a sum of money. The infection encrypts user data on the local computer, attached USB drives, and any network shares, making them inaccessible without the decryption key, which can only be obtained by paying the ransom the attacker has asked for. At this time, there doesn’t appear to be any way to rescue the encrypted files without restoring from a system back-up or by actually paying the ransom.

Typically, this attack arrives via a phishing e-mail. The message appears to be from a well-respected institution and prompts the recipient to take some form of action. This could be in the form of opening a ZIP file attached to the message or by clicking on a link in the message. Shipping notification messages from FedEx and UPS are among those that are received. Once the file is opened or the link clicked, the malicious software is installed on the computer and begins encrypting data.

When the malicious software begins encrypting files, a window will open, informing the user that it is encrypting your important files and instructs the user that the only way to decrypt the files is by paying the ransom. A time limit is imposed on how long you have to pay before the files are locked for good and will show the files that have been encrypted. Any attempt to remove the malicious software causes immediate loss of the ability to decrypt the files as does failing to comply with payment in the time allotted.

Due to the seriousness of this infection, it is highly advisable to verify that anti-virus software is fully updated and that all of your critical data has been backed-up successfully. According to most anti-virus manufacturer documentation on this threat, the most recent updates of their products should prevent this attack. However, verifying you have a good back-up of your data and exercising caution when opening e-mail messages, is strongly recommended.

If you get this infection, immediately shutdown your computer to prevent the infection from spreading and encrypting all your data, then contact your IT support team for assistance. The sooner this infection is caught, the easier it is to clean the infected machine and recover the lost data.

 

Ryan’s articles can also be seen in Berkshire Business News, published monthly by the Berkshire Chamber of Commerce.