Imagine your laptop being held hostage, with 72 hours to pay a ransom in order to see your files again. How would this impact you? How would it disrupt your business day or that of your team?
I do not often send out blast emails to our customers, but I wanted to make you aware of a particularly destructive virus making its way through the internet. The virus is most commonly called CryptoLocker and there are several versions of it. Please forward this to your entire organization or technical contact at your company. This communication is only being sent to primary contacts.
The CryptoLocker virus first made an appearance in early September 2013 and is a “ransomware” virus, meaning that it will not release your computer until the ransom is paid. This payment ranges from $300 to $700 or more. We first became aware of it 3 weeks ago when a colleague informed us it hit one of their sites in Wisconsin. To this day, their network is only limping along, having experienced a significant loss of data. It struck closer to home last week when one of our clients was hit, and we are still working through it. At this time, it cannot be removed.
The virus usually comes attached to an email and is disguised as a PDF document, but it is actually an executable file that delivers a virus payload to the computer. It immediately encrypts files on the computer and any files that this computer has access to, such as server shared folders, making them useless to the rest of the users. Only the infected computer can still read these files because it stores a temporary decryption key on the computer. They cannot be opened even if you copy them to a USB drive and open them from another computer. There is a 72-hour countdown timer. If the ransom isn’t paid and the timer “expires”, the temporary encryption key that allows you to access these files is deleted. Once this occurs, there is no hope of retrieving the files. Our staff has researched this virus and found that, so far, the countdown is legitimate and files are deleted when the time reaches zero. Thus far, the hacker appears to be “honoring the commitment” to release the computer if the ransom is paid in time.
How to help protect yourself and your network: The most effective way to protect yourself and your company from this virus is to follow best practices. Microsoft’s basic recommendations: 1.) up-to-date antivirus protection, 2.) up-to-date security patches on your operating system, and 3.) a firewall in place. While this offers basic protection against many threats, it is not enough for this particular virus.
It is critically important to never open an attachment unless you are certain it came from a legitimate source. This virus usually appears as if it is coming from a real company. Most often, it looks like an invoice from UPS, DHL, or a scanned attachment from a Xerox copier. If in doubt, do not open the attachment. Also, please do not forward anything suspicious to Eagle Network Solutions, but rather call us so we can remote in and examine it. In most cases, antivirus is not able to protect against this threat because it is executed (opened) by the user and specifically allowed by them.
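For administrators who filter mail before it reaches users, the disguise described above (an executable posing as a PDF attachment) can be checked mechanically. The following Python code is an added example, not part of the original advisory; the extension list, the double-extension pattern, and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Extensions Windows runs on double-click (a common subset; an assumption of this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def inspect_attachment(filename, payload):
    """Return the reasons an attachment that poses as a PDF should be quarantined."""
    reasons = []
    name = (filename or "").strip().lower()
    stem, ext = os.path.splitext(name)
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension " + ext)
        if os.path.splitext(stem)[1] == ".pdf":
            reasons.append("double extension hides the real type")
    if payload[:2] == b"MZ":
        reasons.append("content starts with the Windows executable header MZ")
    elif ext == ".pdf" and payload.lstrip()[:5] != b"%PDF-":
        reasons.append("named .pdf but content is not a PDF")
    return reasons

def scan_message(raw):
    """Map each suspicious attachment filename in a raw email message to its reasons."""
    msg = message_from_bytes(raw, policy=default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        reasons = inspect_attachment(part.get_filename(), payload)
        if reasons:
            findings[part.get_filename()] = reasons
    return findings

def build_sample():
    """Constructed sample: one genuine-looking PDF and one executable posing as a PDF."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4\n% constructed sample\n", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    msg.add_attachment(b"MZ\x90\x00 constructed sample, not a real program",
                       maintype="application", subtype="pdf", filename="Invoice.pdf.exe")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

The content check matters because the filename and the declared type are both chosen by the sender; only the file's leading bytes reflect what the attachment actually is.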
If you believe that your system has been infected, immediately shut off your computer by holding the power button down until it shuts off, or pull the power cord if you need to. Then, unplug the network cable if your computer is plugged into the network. This may prevent it from spreading across the network. Call our help desk immediately at (800) 704-6165 ext. 1.
There are other best practices that are not implemented (by default) on most networks that can assist in protecting your network. These practices can be discussed by calling us and having a conversation about security.
Here are a couple of links about this virus.
In closing, we encourage you to spread the word throughout your organization in an effort to safeguard your company’s vital business information.
Kaleb B. Jacob, MCSE, JNCIS
For Technical Support:
Phone: (800) 704-6165 ext 1