Crypto Locker ransomware
Recently one of our clients became infected with a new threat called Crypto Locker Ransomware.
In this case the client received an email with an attached zipped file. The body of the email indicated there was an urgent report to be opened and read as soon as possible. As our client is a law firm, this was not an unexpected type of email to receive. So they opened the attachment and that was when the drama unfolded.
Crypto Locker is nasty in the fact that it encrypts all of your data files on your computer and your mapped network drives. What does this mean? It means once encrypted you no longer have the ability to open your files without the use of a special key to unlock your files. It gets worse because the people that have developed this crypto locker threat demand a $300 USD ransom. Upon receipt of payment they will then provide you with the key, which will then remove the cryptolocker software and unlock your files. But if that wasn’t enough, they have also installed a timer which is counting down, and if you do not pay the ransom before the countdown completes, then the software will destroy the key.
Our policy is not to give in to these types of demands. In this case we were able to remove the crypto locker software. However we were not able to decrypt the files. The software does warn you about this. It states “Any attempt to remove or damage this software will lead to the immediate destruction of the private key by server.”
In our case I wasn’t so concerned about this. Our client uses backup software called Shadow Protect. This backup software takes snapshots of the server data on a regular basis. So we deleted the encrypted files and restored the data from backup. Only 45 minutes of work was lost, and as this all happened at around midday a lot of staff were at lunch, so there was not much activity in regards to the data.
This is a timely warning to everyone. If you receive an email from someone you don’t recognise, then don’t open any attachments without validating the authenticity of the email. Please, please, please do regular backups. If you struggle to maintain regular backups yourself, then consider our online automated backup service called Dataworx.
And always use a known antivirus software such as ESET NOD32.