Don’t open that email attachment.
A recently released piece of ransomware actually carries out its threat. For years, we’ve seen “ransomware” malware that offers, for a fee, to “clean” your computer of all the viruses it has detected. These viruses are fake, and once removed, the computer is fine.
Cryptolocker is different – it carries out the threat, and if a user doesn’t pay, files are encrypted with an extremely tough-to-break key. Simply removing the virus does not make the files recoverable. Furthermore, there is a deadline of approximately 72 hours to pay or lose the files forever.
How Does Cryptolocker Spread?
Simply put, be VERY LEERY of any emails received that appear to be coming from a disgruntled customer.
Cryptolocker is cleverly crafted to exploit business users – the ones most likely to be able to afford the $300 extortion fee – by sending an email to an employee that appears to be from a disgruntled customer. The email has an attachment that purports to contain more details of the complaint.
Once the attachment is opened, the virus goes to work silently, encrypting the user’s files – Word files, AutoCAD files, photos, etc. – on not only the local PC, but potentially any network drives that the PC can access. Once the files are encrypted (this process may take days), it presents itself, asking for the money to decrypt the files. The money is sent via untraceable types of exchanges, such as Bitcoin.
Removal of the virus is relatively easy, but decrypting the files is not. In fact, as of this writing, we know of no way to recover the encrypted files.
How can I stop Cryptolocker from infecting my computer?
This is a relatively new virus, and some people are speculating that the outbreaks that have occurred during the past few weeks may be just a test run. As far as we know, there is NO antivirus program that can intercept and stop the virus from infecting the computer and encrypting the files. We are unsure if anti-spam filters can or will trap the emails, either (this likely varies by filter anyway).
Reliable, continuous backups are the only way of protecting your files right now.
We will post more information on the LANPRO Blog as it becomes available.