Accellis has become aware of a surge of emails containing a piece of ransomware called Cryptolocker. Cryptolocker is quite possibly the most fiendish and crippling threat created to date. Once a computer is infected, it lies dormant in the background until it detects a period of inactivity, so the user gets no warning signs until it is TOO LATE.
If contracted, Cryptolocker will not only scan the local hard drive, but will also reach out to any shared drives and begin silently encrypting the data within. It uses 2048-bit “military-grade” encryption. The vast majority of the world’s “super” computers are unable to decrypt these files in a reasonable time-frame, if at all. Because the encryption is so strong, it takes some time to spread. However, if a computer contracted it on a Friday afternoon, by Sunday or Monday EVERY file in your shared drives could be rendered completely useless.
If you see anything that resembles the image below, please unplug your computer from the network and contact your network administrator immediately!
There are only three ways to combat Cryptolocker. We cannot stress enough that education and prevention are the most effective.
1. Education and prevention
Accellis is launching a campaign to educate all of our clients on what spam is and how to identify it. The most common lure is enticing a user into clicking on an attachment such as “Payroll.zip” or a link such as http://iknowhowtomakeeasymoney.com. I am sure that everyone reading this is scoffing at the simplicity of the attachment name or internet address. However, this is the most common method spammers use to make users believe that the link is legitimate.
They will often mask the address as something like: http://iamyourfriend.com
However, if you hover your mouse over the link (without clicking), you will find that it really takes you somewhere completely different.
PLEASE ask Accellis or an Office Manager at your firm before opening an attachment or a link in an email. The time spent doing so could very well save a day or more of downtime.
2. Restoration of files from backups
Backups run nightly and therefore do not contain the day’s work until late in the evening. If the infection manifests at the end of the day, the backup system will then back up files that are already encrypted. While we can restore from the previous backup, the firm stands to lose a day’s worth of data. This is obviously not ideal.
3. Paying the ransom
This should only be an absolute last resort. Since the cyber-criminals are extremely clever, they make you pay with a new internet currency called Bitcoin, which is basically untraceable. Unless you already own some, Bitcoins are extremely difficult to obtain, and by the time you are approved, the fluctuating value of a Bitcoin may have changed drastically and affected your cost of data retrieval. You are also basically paying a terrorist’s ransom for “kidnapping” your data.
Below are some additional resources that will help to identify spamming techniques:
- 5 Things to Look Out for Before Opening a Suspicious Email
- 10 Tips on How to Identify a Phishing or Spoofing Email
- United States Department of Justice Cryptolocker News Release