Cryptolocker Virus

Posted Tuesday, October 15th, 2013 at 3:46 pm by: Stacy

We wanted to make you aware of a virus that is making the rounds and can have devastating effects on the data on your computer.

The virus is called Cryptolocker, and one of the ways we are seeing it deployed is through phishing emails. These emails may look like they are from reputable sources such as FedEx, Intuit/ADP Payroll, or IRS tax notices, and have subjects or information designed to trick a user into clicking a link or opening an attachment. For example, they might say ‘Your payroll failed to process, please see the attached report for important information’.

If any email seems suspicious to you, especially one with links to click in the body or an attachment, we highly recommend you do not open it. If you get a notice like this and are concerned it may be valid (for example, you just shipped something with FedEx and you get a ‘your shipment was lost’ type of notice), we always recommend going directly to the vendor’s website to check the status.

The issue we are seeing with Cryptolocker is that it “locks” all the user files and documents on the computer, essentially holding them “hostage”, and demands a set amount of money as ransom to get your files back (there are conflicting reports about whether paying actually unlocks the files). We are able to successfully remove the virus itself from your computer, but the files ARE GONE. There is no way to recover them unless you have a good backup.

We recommend that you do not open any emails that you are not expecting, especially those that contain attachments from companies that would not normally send them. When in doubt, contact the sender or the company directly.

If you would like to review your current backup/disaster recovery configuration, let us know and we will contact you to discuss. We recommend review of this information at least annually. 

Here are a few examples of phishing emails. None of the following are legitimate emails; each has an attachment that likely contains a virus. Some of them look very real: even the name of the sender looks real, or they use logos from real companies.

[Images: three screenshots of example phishing emails]

Lastly, here is the pay now screen some are seeing when they do have this virus:

[Image: Cryptolocker payment screen]

 

We hope you remain unaffected by this virus. However, if you encounter it on your computer, unplug the network cable from the computer as soon as you can. This will not prevent infection, but may prevent it from spreading across your network to other computers. Do not turn off the computer or attempt to remove the virus yourself, as tampering with this virus can result in permanent loss of data. Then call us for help.

 
