Dangerous new virus called CryptoLocker
There is a dangerous virus that is affecting many small to mid-sized networks. The virus comes in through users clicking on email links and attachments. The virus searches out and encrypts key data files on the local computer and accessible network shares. After it encrypts the documents/pictures/databases it will then throw up a message that looks something like this:
While the virus can be removed there is currently no known method of decrypting your files, other than paying the ransom. In the strongest possible terms we recommend not paying the ransom; a better solution is to clean the virus and restore the data from backups. While we have taken steps to further tighten filtration of email against these threats, no filtration service is perfect. As always:
What you can do before you are infected.
- DO NOT OPEN EMAIL ATTACHMENTS OR CLICK ON LINKS THAT YOU WERE NOT EXPECTING TO RECEIVE. WHEN IN DOUBT THROW IT OUT.
- Especially suspect are emails from Your Bank, Not Your Bank, UPS, USPS, FedEx, IRS, Healthcare.gov, Western Union.
- Emails from “administrator” or “admin” are also bogus. We do not send email from these addresses.
- Do not store data locally, verify all documents and data are stored on the server to be backed up.
- Subscribe to a service that filters your email for viruses and spam.
- Subscribe to a managed backup system that stores your data off site automatically.
- Keep your software up to date, or subscribe to a service that will update (Microsoft, Adobe, Java, Chrome, Firefox etc.)
- Talk to your IT Professionals about the possibility of more restrictive network security policies.
What to do if you get infected.
- Stop immediately and call your IT Professionals. Do not remove the virus or run software that could possibly remove the virus. The virus should only be removed AFTER backups have been verified good/restored.
- Call your IT Professionals immediately. This virus has a 72 hour count down timer. After 72 hours it becomes much more difficult and expensive to deal with.
- If you know what you clicked on that caused it, fess up. It is a huge help to us to know how it happened both in cleaning and preventing other future infections.
- Don’t feel badly. Many of the smartest people we know have fallen victim to computer viruses. You are not the first and will not be the last virus call we ever take. Remember we are here to help, and any frustration you hear in our voice is really directed at the bastards who write this kind of stuff.
Because this is a first of its kind, highly successful ransomware virus; we fully expect copycats. The bad guys are making a lot of money doing this. It’s a lock solid guarantee others will try similar tactics within the next year.