
5/12/2015

Attention: Your Data Is At Risk

We want you to be aware of a serious security issue.

A sophisticated form of malware known as CryptoLocker is currently affecting organizational networks across the country, including several organizations in our region. It arrives through infected email attachments and compromised websites. Once one computer is infected, it encrypts files on every drive that computer can reach, including shared network drives, so a single infected workstation can damage data used by an entire office. The malware encrypts certain types of files stored on local and mapped network drives; the private key needed to decrypt them is held only on the malware's control servers. It then displays a message offering to decrypt the data if a payment is made by a stated deadline and threatening to delete the private key once the deadline passes.

So what are you supposed to do?

How to minimize your chances of being infected by CryptoLocker:

  • Education prevents a lot of these infections: teach staff to recognize spam and fake emails, to avoid clicking suspicious links, and to check the true address a link points to (hover over the link and compare the displayed address with the actual destination) before clicking.
  • Ensure you have up-to-date and comprehensive antivirus. (Note: because antivirus software can only block threats for which it has definitions, no single AV product protects against every emerging threat.) Consider running additional periodic scans with anti-malware software such as Malwarebytes.
  • Protect your business with a firewall that has its security options enabled to perform malicious website blocking and AV checks at this entry point to your network.
  • Email should be run through a spam filter.
  • Make sure you have a good backup that runs at least daily and goes to at least two different types of media or formats, one of which is offsite and not continuously connected to the network (a backup drive that stays mapped is just another drive letter the malware can encrypt). The backup must be monitored and periodically test-restored. Verify that all critical data lives in a location that is backed up (for example, on a network drive rather than an individual desktop folder).

How to recognize CryptoLocker:

  • The Crypto variants of malware generally get onto a PC without the user knowing it. They are more correctly called ransomware because they hold the user's data for ransom. Most of what we see appears to come in through spam or malicious emails or through compromised websites. They can also be dropped by other malware already on the machine ("downloading their buddies").
  • Once on the PC, the malware starts encrypting files. In general it encrypts files on the PC's local hard drive (C:) but also branches out to any other drive letter the PC has access to. In doing so, one infected PC can encrypt files on the server that many people rely on.
  • When you try to open affected documents, you may get errors stating that the file is corrupt, because the application no longer finds the file format it expects.

  • You may also notice new files with names such as "help_decrypt" or "where_are_my_files". The malware generally populates every directory that contains encrypted files with these "help" documents, which direct you on how to pay the ransom.
  • Once the program has finished encrypting, or if it is interrupted, a pop-up message usually appears demanding payment.

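The symptoms listed above (ransom-note files dropped into affected folders, and documents that no longer open) can be checked for across a whole share with a short triage script, which tells you quickly how far the damage reached. The following is an added example written for this page, not Saratoga's tooling or anything from the article. The note-name patterns beyond the two quoted above, the file-signature table and the entropy threshold are assumptions made for the demonstration, and the sample share it scans is constructed in a temporary directory.

```python
import math
import os
import random
import re
import tempfile
from collections import Counter
from typing import Dict, Optional

# Ransom-note name fragments quoted in the article (first two) plus two common
# variants; assumption: real families vary, extend this list as needed.
NOTE_NAME_RE = re.compile(
    r"help_decrypt|where_are_my_files|decrypt_instruction|how_to_decrypt", re.I)

# Standard file signatures: the bytes an application expects at offset 0.
# A file with one of these extensions that does not start this way is what
# the application reports as "corrupt".
MAGIC = {
    ".pdf": (b"%PDF",),
    ".docx": (b"PK\x03\x04",), ".xlsx": (b"PK\x03\x04",), ".pptx": (b"PK\x03\x04",),
    ".zip": (b"PK\x03\x04", b"PK\x05\x06"),
    ".doc": (b"\xd0\xcf\x11\xe0",), ".xls": (b"\xd0\xcf\x11\xe0",),
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}
# Formats that should be readable text; only these get the entropy test,
# because zip-based Office files, JPEGs and PDFs are already near-random.
TEXT_EXT = {".txt", ".csv", ".xml", ".html", ".htm", ".json", ".log"}
HIGH_ENTROPY = 7.0  # bits per byte; English text sits around 4-5, ciphertext near 8


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: str) -> Optional[str]:
    """Reason the file looks like ransomware fallout, or None if it looks fine."""
    name = os.path.basename(path)
    if NOTE_NAME_RE.search(name):
        return "ransom note"
    ext = os.path.splitext(name)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if ext in MAGIC and head and not any(head.startswith(sig) for sig in MAGIC[ext]):
        return f"{ext} file without its expected header"
    if ext in TEXT_EXT and len(head) >= 256 and shannon_entropy(head) >= HIGH_ENTROPY:
        return "text file with near-random content"
    return None


def scan_tree(root: str) -> Dict[str, str]:
    """Walk root; map each suspicious file (relative path, '/' separators) to a reason."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            full = os.path.join(dirpath, f)
            reason = classify_file(full)
            if reason:
                findings[os.path.relpath(full, root).replace(os.sep, "/")] = reason
    return findings


def _pseudo_ciphertext(rng: random.Random, n: int) -> bytes:
    """Deterministic random bytes standing in for encrypted content (constructed)."""
    return bytes(rng.getrandbits(8) for _ in range(n))


def build_sample_tree(root: str) -> None:
    """Constructed share: three healthy files, three 'encrypted' ones, two ransom notes."""
    rng = random.Random(1)
    os.makedirs(os.path.join(root, "Finance"), exist_ok=True)
    samples = {
        "Finance/report.pdf": b"%PDF-1.4\n" + b"1 0 obj << >> endobj\n" * 40,
        "Finance/budget.xlsx": b"PK\x03\x04" + bytes(2000),
        "Finance/notes.txt": b"Q3 numbers look fine. Call the vendor Monday.\n" * 40,
        "Finance/memo.docx": _pseudo_ciphertext(rng, 2048),
        "Finance/photo.jpg": _pseudo_ciphertext(rng, 2048),
        "Finance/customers.csv": _pseudo_ciphertext(rng, 1024),
        "Finance/HELP_DECRYPT.txt": b"Your files have been encrypted. To get them back...\n",
        "Finance/where_are_my_files.html": b"<html><body>Pay to decrypt.</body></html>",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(data)


def demo_scan() -> Dict[str, str]:
    """Build the sample share in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for path, reason in sorted(demo_scan().items()):
        print(f"{path}: {reason}")
```

Point scan_tree at the root of a mapped share to list what was hit. The header check is the reliable signal: it is the same test the application makes before declaring a file corrupt. The entropy check is deliberately restricted to text formats, since a healthy .docx or .jpg is already compressed and would look just as random as ciphertext.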
If you are affected by CryptoLocker, call us IMMEDIATELY! We will do everything we can to help you restore your data and avoid paying the ransom.

This type of malware can affect any and all computers so please make your staff aware of this issue. If you receive an email and are unsure it is legitimate, DO NOT OPEN ANY ATTACHMENTS OR CLICK ON ANY LINKS, immediately forward the email to servicedesk@saratogaus.com and ask our team to review it. At Saratoga, we have certified technicians that can provide all of the solutions mentioned above. If you would like assistance with one of these solutions or have any questions about your network or CryptoLocker give us a call at 1.888.525.4220.
