New Virus 'CryptoLocker' On The Rise

Update: Cryptolocker has been stopped by the FBI. A copy-cat infection, Crytptowall, has since surfaced. Read more here.

This 'CryptoLocker' virus first made its rounds in January of 2013. Now a new and more aggressive variation of the virus is circulating and demanding $300 to unlock your computer and files. We are asking everyone to practice caution with internet browsing and opening emails as this virus has already infected two of our customers and has been difficult to remove. Because the virus is new, anti-virus software is not able to detect and quarantine the infection yet. 

An entire network can be affected by this virus if the original infected computer is on a shared network. 

Where does it come from? 

So far, our technicians and engineers believe that the virus is acquired through email attachments. It is important to be weary of suspicious emails and delete them immediately. Cyber criminals have become more sophisticated and have the ability to make emails appear credible. For instance, they often use large names like the Better Business Bureau and UPS to trick people into opening emails. If you are not familiar with the sender, or receive information that you did not request, delete the email.

** This is not a the actual email that the virus originated from, this is just an example of a suspicious email. 

** This is not a the actual email that the virus originated from, this is just an example of a suspicious email. 

What does it do?

Once a computer is infected, the virus encrypts Microsoft files such as Word, Outlook, Excel, and PowerPoint to a point that they cannot be opened and used. IT professionals nation-wide are reporting extreme difficultly in restoring the files if there are not backups in place.  We are stressing the importance of backing up files because of this difficulty. It has been reported that the servers that provide the key to unlock the computers are now shut down- making unlocking files impossible. If a computer is on a shared network, even if some users are safe, they can become infected through another computer on the network. Again, we are stressing the importance of backups to prevent catastrophic data loss.  

It is likely that many files will not be able to be restored if users to not have backups.

Users then receive a message on their screen the demands $300 for the key to unlock the encrypted files. 

Cryptolocker screen.jpg

What should infected users do? 

People should not give credit card information under any circumstances whatsoever. After-all the criminals are malicious enough to create the malware and cannot be trusted to uphold their end of the deal and unlock the computer and files. If users provide  money, the criminals cannot be trusted to only take the demanded $300.00. 

micorsoft warning from site.jpg

Additionally, Microsoft reports on their website that the crooks cannot be trusted to restore the files once the money has been paid. If not removed professionally, the virus can remain on the computer and gather information from your computer and jeopardize your security and identity. This virus needs to be removed professionally. 


 

Posted on September 13, 2013 and filed under Virus Protection and Security.