
13 Oct

Crypto Locker ransomware

Recently one of our clients became infected with a new threat called CryptoLocker ransomware.


In this case the client received an email with a zipped file attached. The body of the email said there was an urgent report that should be opened and read as soon as possible. As our client is a law firm, this was not an unexpected type of email to receive, so they opened the attachment, and that was when the drama unfolded.

CryptoLocker is nasty in that it encrypts all of the data files on your computer and on your mapped network drives. What does this mean? It means that once your files are encrypted you can no longer open them without a special key to unlock them. It gets worse: the people who developed this CryptoLocker threat demand a $300 USD ransom. Upon receipt of payment they will provide you with the key, which will then remove the CryptoLocker software and unlock your files. And if that wasn’t enough, they have also installed a countdown timer; if you do not pay the ransom before the countdown completes, the software will destroy the key.

Our policy is not to give in to these types of demands. In this case we were able to remove the CryptoLocker software. However, we were not able to decrypt the files. The software does warn you about this. It states: “Any attempt to remove or damage this software will lead to the immediate destruction of the private key by server.”

In our case I wasn’t so concerned about this. Our client uses backup software called ShadowProtect, which takes snapshots of the server data on a regular basis. So we deleted the encrypted files and restored the data from backup. Only 45 minutes of work was lost, and as this all happened at around midday, a lot of staff were at lunch, so there was not much activity on the data.

This is a timely warning to everyone. If you receive an email from someone you don’t recognise, don’t open any attachments without validating the authenticity of the email. Please, please, please do regular backups. If you struggle to maintain regular backups yourself, then consider our online automated backup service called Dataworx.

And always use known antivirus software such as ESET NOD32.

Mark Coleman
About Mark Coleman
Director of Brainworx Computer Services and the sub brands of Mailworx and Dataworx

Comment

  1. Cryptolocker
    October 30, 2013 at 9:57 pm Reply

    Here is more info on Cryptolocker: http://privacy-pc.com/how-to/remove-cryptolocker-virus.html

  2. Lawrence
    November 18, 2013 at 8:41 am Reply

    Would external HDD be protected if they were made read-only? Thanks

    • Mark Coleman
      November 18, 2013 at 9:33 pm Reply

      Hi Lawrence, that’s a good question.

      Luckily we have had only one client infected so far, so our exposure to this particular threat is limited. What we do know is this ransomware can affect both your local drives and your network drives; really, any device that is assigned a drive letter is exposed. So your local disk “C”, or a USB external drive that might be assigned as “G or F” drive, or a network drive with any other letter such as “K or S or H or U” (as examples) will be at risk.

      Remember that malware generally runs with the same permissions and powers as any program you choose to launch intentionally.

      So, any file, on any drive letter or network share, that you can locate and access with a program such as Windows Explorer can be located and accessed by CryptoLocker.

      You don’t mention what your external hard drive is used for; however, if your external USB drive doesn’t need write access, then yes, you can make files and folders read-only.

      In addition I would say your best defence is:

      - caution when opening emails
      - caution on the websites you visit
      - run a well known antivirus software
      - keep that antivirus software up to date
      - run regular antivirus scans
      - keep your operating system up to date with the latest security updates, patches and service packs
      - and remember to back up all important files regularly
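
The point in the reply above, that anything reachable through a drive letter by the logged-in user is reachable by a program that user launches, can be checked directly. The script below is an added example, not code from the original post or from Brainworx; it assumes a Windows machine with PowerShell and uses the built-in `Win32_LogicalDisk` class, and the helper name `Test-DriveWritable` is my own. It lists every drive letter the current session can see (local, USB and mapped network drives) and probes whether the current account can create a file at the root of each one.

```powershell
# Added example (not from the original post): list every drive letter visible to
# the current user and test whether that user can write to its root. Anything
# that reports Writable = True is exposed to any program the user runs.

function Test-DriveWritable {
    param([Parameter(Mandatory)][string]$Root)
    # Random file name so the probe never collides with real data on the drive.
    $probe = Join-Path $Root ("writeprobe-" + [guid]::NewGuid().ToString("N") + ".tmp")
    try {
        [System.IO.File]::WriteAllText($probe, "probe")
        Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
        return $true
    } catch {
        # Access denied, read-only media, drive not ready: all count as not writable.
        return $false
    }
}

# Win32_LogicalDisk DriveType values (documented by Microsoft).
$driveTypeNames = @{ 2 = 'Removable (USB)'; 3 = 'Local fixed'; 4 = 'Network (mapped)'; 5 = 'Optical' }

# Win32_LogicalDisk reports every drive letter, including network drives
# mapped for the current session (DriveType 4).
Get-CimInstance -ClassName Win32_LogicalDisk |
    ForEach-Object {
        $type = [int]$_.DriveType
        [pscustomobject]@{
            Drive    = $_.DeviceID
            Type     = if ($driveTypeNames.ContainsKey($type)) { $driveTypeNames[$type] } else { "Other ($type)" }
            Path     = $_.ProviderName   # UNC path for mapped drives, empty for local disks
            Writable = Test-DriveWritable -Root ($_.DeviceID + '\')
        }
    } |
    Sort-Object Drive |
    Format-Table -AutoSize
```

Run it as the ordinary user account, not as an administrator, because that is the account whose permissions an opened attachment would inherit. The probe tests effective permissions at the drive root only: a USB drive whose contents are merely marked read-only still shows as writable, since the read-only file attribute does not stop new files being created and can be cleared by the same account that set it. A drive that shows Writable = False because of share or NTFS permissions, or one that is simply not connected, is the kind of protection the question is asking about.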

Trackbacks for this post
  1. Dallas Clarke's Jewish News » Cryptolocker: Menace of 2013
