New and Nasty Virus, Please read

This is from our IT Department. It has to do with a new and nasty virus, so read through and be on the lookout. 😦

We have seen a new virus that attacks in a very new way.  
 
We want to give everyone a heads-up on this new threat so you can be on your guard.  
 
The worst part of this virus is that virtually all anti-virus software will not protect your PC at this time.  The virus is called CryptoLocker and it does its deed by encrypting all your files. Here are the details:
 
First, you will see a red window on your computer, warning that your files are now encrypted and you can pay to get the key to decrypt and gain access to your files.  It encrypts all files on the C: drive, any external hard drives, USB thumb drives and mapped drives (server data).  They are so generous to give you 72 hours to pay before the key will be destroyed and then it can take up to 2 business days (obviously these crooks don’t work on weekends and holidays) to process your payment.
 
 
The other sign you’ve been hit: you can no longer open Office files, database files, and most other common documents on your system.  When you try to do so, you get another warning, such as “Excel cannot open the file [filename] because the file format or file extension is not valid” or the files are garbage when opened.  CryptoLocker goes after dozens of file types such as .doc, .xls, .ppt, .pst, .dwg, .rtf, .dbf, .psd, .raw, and .pdf among others.
 
CryptoLocker attacks typically come in three ways:
 
1)      Via an email attachment.  For example, you receive an email from a shipping company you do business with.  Attached to the email is a .zip file. Opening the attachment launches a virus that finds and encrypts all files you have access to – including those located on any attached drives or mapped network drives.
2)      You browse a malicious website that exploits vulnerabilities in an out-of-date version of Java.
3)      Most recently, you’re tricked into downloading a malicious video driver or codec file.
 
The software can be removed from your computer, but then the files that it has encrypted can only be recovered from backup.  The affected computer has to be reloaded completely.  The quickest and cheapest way to recover from this hijack is to pay the $300 to decrypt your computer and any files that were encrypted.  Reloading computers and restoring data takes time and money, well in excess of $300.
 
Keep in mind that antivirus software probably won’t prevent a CryptoLocker infection.  Moreover, running Windows without admin rights does not stop or limit this virus.  It uses social engineering techniques — and a good bit of fear, uncertainty, and doubt — to trick users into clicking a malicious download or opening a bogus attachment.  The hackers using this exploit are adapting the virus so quickly that AV vendors can’t keep up with the many CryptoLocker variations in play.  It’s up to individual users to stay vigilant about what they click.  The bad guys just keep getting badder.
 
Most of all be careful out there on the Internet (and email too).
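The symptom described above (documents that keep their extension but no longer open) can be checked for across a share before users report it. The following is an added example, not part of the IT notice: it compares each file's first bytes with the signature its extension implies. The function names and sample files are constructed for illustration, and .dwg, .dbf and .raw are left out because they have no single fixed signature.

```python
import os
import tempfile

OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy Office container header
# Leading bytes expected for some of the file types the notice lists.
MAGIC = {
    ".doc": OLE2, ".xls": OLE2, ".ppt": OLE2,
    ".pdf": b"%PDF",
    ".rtf": b"{\\rtf",
    ".psd": b"8BPS",
    ".pst": b"!BDN",
}

def header_mismatch(path):
    """True if the extension is known and the first bytes do not match it."""
    expected = MAGIC.get(os.path.splitext(path)[1].lower())
    if expected is None:
        return False
    with open(path, "rb") as fh:
        return fh.read(len(expected)) != expected

def scan(root):
    """Return (files_checked, sorted mismatched paths) for known types under root."""
    checked, bad = 0, []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in MAGIC:
                continue
            path = os.path.join(folder, name)
            try:
                checked += 1
                if header_mismatch(path):
                    bad.append(path)
            except OSError:
                pass  # locked or unreadable file: leave it for manual review
    return checked, sorted(bad)

def demo():
    """Scan a constructed sample folder: two intact files, two with garbage headers."""
    samples = {
        "budget.doc": OLE2 + b"\x00" * 16,           # intact (constructed)
        "manual.pdf": b"%PDF-1.4\n",                 # intact (constructed)
        "invoice.xls": b"\x8f\x11\x5a\xc3\x07\x99\xe2\x40",  # garbage header
        "report.pdf": b"\x13\x37\xab\xcd\xef\x00",   # garbage header
        "notes.txt": b"plain text, type not checked",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        checked, bad = scan(root)
        return checked, [os.path.basename(p) for p in bad]

if __name__ == "__main__":
    print(demo())
```

A sudden jump in mismatches on a mapped drive is a triage signal rather than proof, since empty or already-damaged files are flagged too.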
 
