We feel the need to update our clients on an especially vicious virus threat that we have now seen at several companies over the last few days. We're talking about "Cryptolocker," a malware program that encrypts users' files and holds them for ransom. Please read on to learn more about the virus, what to do if you contract it, and how to prevent falling prey to it in the first place.
How Cryptolocker Works
When Cryptolocker installs itself on a victim's computer, it proceeds to encrypt the victim's files and all network files to which the victim's computer has access, rendering them inaccessible. Then, the victim is given the message displayed to the left, which tells him or her that the only way to decrypt the affected files is to retrieve the decryption key from the criminals responsible for the malware. And, of course, they want the victim to pay a ransom--to the tune of up to $300--within a set amount of time, otherwise the decryption key will be destroyed for good.
Unfortunately, they aren't bluffing. The encryption Cryptolocker uses is extremely strong, making it virtually impossible to decrypt the victim's files. Plus, as has been widely reported and as we've seen ourselves, paying the ransom, for the time being at least, actually works. Once the criminals receive secure payment (thankfully, the payment methods they offer do make the victim's account information untraceable), the files start to decrypt.
What To Do If You Become Infected
If you become infected, call us immediately. We can help you diagnose the severity of the encryption that has happened, instruct you on how to prevent the encryption from spreading across your network, and help you weigh the risks of paying the ransom against restoring your files from backups.
How To Prevent Infection
A good number of victims have reported email attachments as the main carrier of this virus. It seems that at least one tactic the criminals have used has been to send fraudulent emails posing as customer complaints. Victims open these emails and their attachments, and the headache begins.
Still, as word gets out about Cryptolocker, those responsible may start using different tactics. The botom line is that the best defenses against this sort of thing are vigilance and a good backup strategy.
Do not open email attachments or click on email links unless you are absolutely, 100% sure they are legitimate. Do not click on pop-up windows you did not expect to show up while browsing the web. And, to protect yourself in the event that you do become infected, always have good backup solutions in place so that you have the option of restoring your files from recent backups instead of paying the ransom.
As always, please do not hesitate to contact us with questions.