November 8, 2013
Cryptovirus, aka CryptoLocker, and How it May Affect You
This message pertains to recent news stories on various cable networks, including our local WNEM TV 5 reporting about Cryptovirus (aka CryptoLocker). The reports are about a serious and nasty variation of other past ransomware viruses like FBI CyberCrime and Homeland Security. Watch this video for some insider technical information about how this virus works, from Sophos.
This latest variation informs you that your system files have been locked (encrypted) and you must pay $300 with X amount of time to get the key to unlock/decrypt your machine (or risk losing the key forever). And it actually does encrypt your files (see news articles below for a list of common files). Of course, there is no way you can trust them to provide you the key (after you give them your account information and money).
This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from FedEx, UPS, DHS, etc. These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.
The only way to ensure you do not lose your files is to:
- Back your files up to a source that's not always connected to your computer or network. Variations of the virus may extend past your local hard drive and look for files on USB flash drives, external hard drives, and network shares.
- Cloud-based backup solutions (such as DropBox or SkyDrive) would be ideal.
- Cloud-based backup solutions (such as DropBox or SkyDrive) would be ideal.
- Practice safe computing!
- Make sure your computer anti-virus software is up to date.
- Make sure System Restore is enabled
- Most viruses are propagated through email links and attachments; phishing and scam emails attempting to be something they're not.
- Scrutinize the messages and think critically - an ounce of suspicion should cause you to exercise extreme caution.
- Do not blindly click on links; instead, visit the site manually (if you feel you must!)
- Do not open attachments just to check them out! Read the paragraph above about how these are typically spread!
Additional information below:
- http://nakedsecurity.sophos.com/2013/10/18/cryptolocker-ransomware-see-how-it-works-learn-about-prevention-cleanup-and-recovery/
- http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/
- http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
- http://malwaretips.com/blogs/fbi-cybercrime-division-icspa-virus/
- http://malwaretips.com/blogs/fbi-mac-os-x-virus/
The recent Walmart Email is just one example of the Blackhole Exploit - read more here: