This past week a new version of an old ransomware virus appeared in people’s inboxes. Calling itself Crypto Locker, the infection begins with a stealthily laid spam email disguised as a file transfer notice. A particular client of ours recently opened the email and clicked the download attachment link, because the client was actually expecting files to be sent to him via email. It’s an especially dangerous situation in a business atmosphere, where the majority of the work is being completed on computers.
The email noted a file being sent from Xerox file transfer, which most likely does not exist, or is not widely available to the public. This is the first sign to never click a link in an email that is vague, or is delivered via an “outside” third party with no personal name attached to it. If this occurs in your email, delete it immediately.
Unfortunately, email is not inherently designed to be secure. It is a simple way of communicating, but it can be easily intercepted and is often taken advantage of by sophisticated spamming techniques. For example, a recent malware attack disguised itself as a LinkedIn invitation. How tricky is that? A technique that works in the majority of email applications and browser-based email services is to “hover” over the link: move the cursor to the attachment, “button,” or other link in the email, but DO NOT click. In a browser the associated link will usually appear near the bottom of the window. If the domain name has no relation to the supposed sender, looks suspicious, or appears as an unintelligible tangle of letters and numbers, it usually means the link is not legitimate.
A good rule of thumb for reputable online services, like LinkedIn, Facebook, governmental agencies, banks, or other institutions, is that their email communication with you will NEVER ask you for personal information, and any link they send should always take you to their actual domain name.
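The “hover” check above can also be done programmatically on an email’s HTML. The following is an added example, not code from the original post: it pulls every link out of a constructed sample message, compares the host the link really points to against the domains you would expect from the claimed sender, and flags the warning signs the text describes (an unrelated domain, a domain named in the button text that differs from the real target, a raw IP address, or a host label that is a tangle of letters and digits). The sample message, the `expected_domains` set and the simple “last two labels” rule for the registered domain are assumptions for illustration; a real deployment would use a public suffix list.

```python
"""Inspect the links in an HTML email the way a careful user does by hovering."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a "file transfer" notice whose button text names a
# trusted-looking domain while the real href points somewhere unrelated.
SAMPLE_EMAIL = """
<p>You have a new file from Xerox File Transfer.</p>
<p><a href="http://k3x9q7zp2a.example.net/download/scan.zip">
   Download your files from xerox.com</a></p>
<p><a href="https://www.example.com/help">Help center</a></p>
"""

DOMAIN_IN_TEXT = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
IPV4_HOST = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def registered_domain(host):
    """Assumption: the registered domain is the last two labels (no suffix list)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def looks_random(label):
    """A long label mixing letters and digits reads as an unintelligible tangle."""
    return len(label) >= 8 and any(c.isdigit() for c in label) and any(c.isalpha() for c in label)


def assess_link(href, text, expected_domains):
    """Return the reasons a single link is suspicious (empty list means it looks fine)."""
    parsed = urlparse(href)
    host = parsed.hostname or ""
    reasons = []
    if parsed.scheme not in ("http", "https"):
        reasons.append(f"unexpected scheme {parsed.scheme!r}")
    if not host:
        reasons.append("link has no host")
        return reasons
    if IPV4_HOST.fullmatch(host):
        reasons.append(f"link points at a raw IP address {host}")
    real_domain = registered_domain(host)
    if real_domain not in expected_domains:
        reasons.append(f"host {host} is not one of the expected domains {sorted(expected_domains)}")
    # Domain named in the visible text must agree with where the link really goes.
    for claimed in DOMAIN_IN_TEXT.findall(text.lower()):
        if registered_domain(claimed) != real_domain:
            reasons.append(f"text names {claimed} but link goes to {host}")
    for label in host.split("."):
        if looks_random(label):
            reasons.append(f"host label {label!r} looks like random letters and digits")
    return reasons


def inspect_email(html, expected_domains):
    """Assess every link in an HTML message; returns one dict per link."""
    collector = LinkCollector()
    collector.feed(html)
    results = []
    for href, text in collector.links:
        reasons = assess_link(href, text, expected_domains)
        results.append({"href": href, "text": text, "reasons": reasons,
                        "suspicious": bool(reasons)})
    return results


if __name__ == "__main__":
    for r in inspect_email(SAMPLE_EMAIL, {"example.com"}):
        verdict = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{verdict:10} {r['href']}  ({r['text']})")
        for reason in r["reasons"]:
            print(f"             - {reason}")
```

Run against the sample, the download button is flagged for all three reasons while the help link, which really goes to the expected domain, passes. The point is the same one the hover check makes: judge the link by where it actually goes, never by what the button says.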
What is especially dangerous about Crypto Locker is its ability to hide itself on your computer, while also infecting any associated servers or file backup systems. It intimidates users by warning them that their files have been encrypted, while presenting a countdown demanding money to “save” all of their files.
If this happens to you, and Crypto Locker appears on your desktop, the first piece of advice is to unplug your internet connection immediately, especially if your computer is part of a network. The next piece of advice is to not pay for the “key,” because an uninstall and decryption of files is possible.
What’s even more important for the technologically challenged is to keep your operating system up to date, and to use a trusted and reputable anti-virus program that scans your email, such as Kaspersky. Another important tool to enable is a backup system that automatically backs up your files. On Windows, a default setting in System Protection records previous versions of your files, so a user can return to an earlier version, much like Time Machine for Mac users. Yet the affected computer cannot have open access to these backups, because otherwise Crypto Locker will reach the server and continue the destruction.
Of course, your IT professional will be able to handle all of this for you, and if not, you can always contact a professional virus removal team.
To keep up to date with the latest, you can follow the reddit page: http://www.reddit.com/r/sysadmin/comments/1mizfx/proper_care_feeding_of_your_cryptolocker/.
Final advice? Back up your data to an external server or hard drive that lives off of your local network.