TNSC was made aware of a potentially damaging malware threat called CryptoLocker that is spread primarily through e-mail attachments. CryptoLocker has started actively targeting businesses.
Note: A CryptoLocker malware infection requires a member of your staff to actively click on an e-mail attachment. The infection will not activate just by opening an e-mail.
Why CryptoLocker is dangerous to your business
CryptoLocker is different from most malware because it can render unusable the files on a computer and potentially on any server that computer has access to. It does this by silently encrypting certain types of files, documents, and databases with RSA/AES encryption, the same encryption used to protect banking information and other highly confidential data. Once encrypted, programs like Microsoft Word and Adobe Reader can no longer read the files, and because of the strength of these encryption types the encryption cannot be undone without the encryption key.
CryptoLocker then presents the computer’s user with a popup offering to undo the encryption for a sum of $300 if paid in the next 96 hours. Even if the malware is removed, the files will remain encrypted and unusable. While paying this ransom does appear to remove the encryption at this time, it is not recommended. Once infected, the only way to recover from CryptoLocker without paying the ransom is to restore files from backups.
Symptoms to watch out for
- Most or all of the files on your computer or in folders on your server will not open, and fail with one of the following errors:
  - A compatibility pack needs to be downloaded to understand the file.
  - The file is not in the correct format or is corrupt.
- A popup appears with a ransom notice stating, “Your personal files are encrypted!”