News

October 18, 2013

New “Cryptolocker” Virus in the Wild


There is a dangerous new virus that has been hitting business clients around the world. The so-called “Cryptolocker” virus is classified as “ransomware”: a program that installs itself and then demands compensation for help with removing the program or the damage it causes.
This virus has been found to enter the network via emails, social media, or alternately by exploiting an old Java installation. Emails come in disguised as shipping notifications from a major shipper, such as UPS. Once the link is clicked, the virus installs itself without requiring administrative rights. Once installed, it scans the host system, looking for files that it can encrypt. It specifically targets Office files, Adobe, and other popular file formats. The virus encrypts these files and then extends the search to any writable network shares that the host is connected to. It then encrypts the network files as well. Finally, a message is displayed on the screen indicating that your files are encrypted and demanding payment within a certain time interval, or the means to decrypt the files will be destroyed.
Currently, it is difficult to prevent this infection with typical antivirus tools. The virus itself can be removed fairly quickly; however, the damage it does cannot be repaired.
Users should take the following precautions to prevent this type of infection:

  1. Always make sure you are using the most up-to-date antivirus.
  2. Install the most recent Windows updates and also make sure other key applications, such as Adobe and Java, are updated regularly. Adobe updates are available at http://www.adobe.com; Java can be updated at http://www.java.com
  3. Make sure all of your key data is getting backed up regularly. Test these backups periodically to make sure all key files are recoverable. We recommend a multi-layered backup approach, including both onsite and offsite backups.
  4. Review internal security policies and consider implementing Access Control Lists to limit what users have access to. If they don’t need access to something, don’t give them access.
  5. Use caution when opening and reading emails or social media posts. If you have any doubt as to the authenticity of the message/post, DO NOT OPEN IT.
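
One way to carry out the periodic restore test from precaution 3, as an added example that is not part of the original post: after restoring a backup to a scratch folder, confirm that each document still begins with the signature its file type requires, which a file overwritten with ciphertext normally will not. The function names are hypothetical, the sample files are constructed, and treating PDF as the Adobe format in question is an assumption.

```python
import os
import tempfile

# File signatures for the document types the advisory names (Office, Adobe).
OOXML = b"PK\x03\x04"                        # .docx/.xlsx/.pptx are ZIP containers
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt
SIGNATURES = {
    ".pdf": b"%PDF-",                        # assumption: "Adobe" files means PDF
    ".docx": OOXML, ".xlsx": OOXML, ".pptx": OOXML,
    ".doc": OLE2, ".xls": OLE2, ".ppt": OLE2,
}

def check_restore(root):
    """Return sorted relative paths of restored files whose header does not match their extension."""
    suspect = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            expected = SIGNATURES.get(os.path.splitext(name)[1].lower())
            if expected is None:
                continue  # file type not covered by this check
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(expected))
            except OSError:
                head = b""  # an unreadable file counts as not recoverable
            if head != expected:
                suspect.append(os.path.relpath(path, root))
    return sorted(suspect)

def build_sample_restore(root):
    """Constructed sample data: two intact files, one ciphertext stand-in, one empty file."""
    os.makedirs(os.path.join(root, "finance"))
    samples = {
        "report.pdf": b"%PDF-1.4\n% constructed sample\n",
        os.path.join("finance", "budget.xlsx"): OOXML + b"\x14\x00 constructed",
        os.path.join("finance", "invoice.docx"): bytes(range(0x80, 0xC0)),
        "notes.doc": b"",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_restore(tmp)
        for rel in check_restore(tmp):
            print("NOT RECOVERABLE AS EXPECTED:", rel)
```

A clean result only shows that the headers are intact; opening a sample of restored files in their applications remains part of the test.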

We have identified security policies that can be put into place to prevent this infection from occurring. These policies will be installed at contract clients over the next several days. If you are not under contract, please contact us to discuss your options.