This is a post to advise you of the dangers of a new virus out in the wild, CryptoLocker.
We have seen a number of clients in the past 24 hours get caught out by this new variant of CryptoLocker even though they had up-to-date antivirus, a patched Windows operating system and no administrative privileges.
We’d like to try to explain how best to protect yourself from getting infected.
If in doubt, don’t open and delete!
The biggest way that we’re seeing infection is by email phishing.
(Image: sample email that may be infected with CryptoLocker)
Phishing is a method that virus makers use to trick you into opening emails, visiting a website and clicking links for something that you may think is genuine.
What do these include? Emails posing as being from PayPal, eBay, Australia Post and the major banks (ANZ, CBA, Westpac, NAB), just to name a few.
Sure, they’re reputable brands, but, how do you know it’s actually from them?
If you receive an email and you’re unsure of its origin – DELETE IT!
Better to be safe than sorry!
The other way we’re seeing the virus being contracted is from illegal software download sites, such as those using BitTorrent.
Whilst “free” music and movies are readily available, they are prone to be infected.
Again, the origin of the files is in most cases unknown, so the best option is to not allow the use of this technology on business computers.
What does CryptoLocker do?
The CryptoLocker virus encrypts your entire hard drive contents so that it’s a blob of encrypted data.
The hacker or virus writer has the key to unlock the encrypted data, but they will only do this in return for money, usually paid by Bitcoin, PayPal, Western Union or credit card, which they will usually then scam money from.
Once your data is encrypted, there is virtually no way to get it back, unless you have a good backup.
So, I’ve been hit with CryptoLocker, what can I do?
The first thing to do is isolate the spread of the virus.
Disconnect your computer from the internet by removing the Ethernet cable or disconnecting from Wi-Fi.
Contact IT Medic on 1300 486 334.
Under no circumstances should you pay the ransom money.
What’s the moral of the story?
If it looks like fish, and it smells like fish, it’s probably fish!
If you receive unsolicited email, or you simply don’t know who it is from – DELETE IT.
Make sure you have backups and make sure your backups are stored in more than one location – we’ve seen situations where not only is the data on the local machine encrypted, but so are the backups!
If you’d like to speak to us about how we can assist you with your backups, including offsite backup to a secure location, please contact our team on 1300 486 334.
We hope this email has been helpful in understanding what’s out in the wild, and how not to get infected.
The Team @ IT Medic