Virus Alert: CryptoLocker Ransomware:

Hi All,

Please educate your users not to click on any unwanted emails (company email or private email), with or without attachments. A new variant of ransom malware is spreading.

**Virus Alert: CryptoLocker Ransomware**

At Raksha we have been receiving technical support calls about this virus incident for the past few days, and we recommend that users follow safe computing practices.

  1. Ensure you have a powerful web security gateway, and ensure that laptop, tablet and mobile users take cloud web security solutions, or that laptop users browse only through a corporate web security gateway. (Tools like Websense Cloud Web Security and Zscaler can help you protect laptop users from web threats even when they are travelling.)

  2. Ensure your Anti-Virus software is up to date and configured properly according to industry best practices.

  3. Ensure backup of files and folders on laptops and desktops too. (Tools like Druva, Commvault and Symantec Desktop and Laptop Option will come in handy to recover files in case a disaster strikes.)

  4. Ensure your systems are patched regularly against OS and application vulnerabilities. (Tools like IBM Tivoli Endpoint Manager – Patch Management will help patch systems on a regular basis.)

  5. Ensure you have application control features in your firewall and endpoint security solutions.

A new file-encrypting variant of ransomware called CryptoLocker has begun popping up in recent weeks, and this one is particularly troublesome. When this destructive new virus infects a computer, it encrypts all data files on the computer as well as any files available via mapped drives on connected servers. The virus then demands money from the victim for a private key that will decrypt the files, and gives a time limit before the private key is destroyed. CryptoLocker (also called Crilocker or Crilock) is just the latest in the growing category of ransomware, which, as the name suggests, is a form of malware that typically holds data hostage and attempts to extort money from victims.

**How CryptoLocker Works**

[Screenshot: CryptoLocker ransom alert screen]

Reports indicate that CryptoLocker infection is primarily spreading via email attachments and links, often claiming to be regarding a dispute notification. Once the computer is infected, the virus uses an RSA 256-bit AES key to encrypt all data on the drive and on mapped network drives. After all data has been encrypted, victims receive an alert such as the one in the above screenshot, in which either $100 or $300 is demanded in return for the decryption of the data. Victims can choose to go to a backup, attempt to restore to a previous version, pay the ransom via GreenDot MoneyPak (which will effectively decrypt the data), or say goodbye to the encrypted data. The timer is functional, and the opportunity to pay for the data will no longer be available once the time lapses. This virus works regardless of whether the user is logged in as an administrator or not, and infection has been reported on Windows XP through Windows 7. Several antivirus products have been reported not to catch the virus until the data is infected, including Kaspersky, Microsoft Security Essentials and ESET.
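The behaviour described above (one process rewriting many files on local and mapped drives with ciphertext-like content in a short time) is detectable from file-write telemetry. The following is an added illustration, not part of the original alert: a sliding-window heuristic fed with constructed events, where the thresholds, the process IDs and the `C:`/`Z:` paths are assumptions chosen for the demo.

```python
import math
import random
from collections import defaultdict, deque

WINDOW_SECONDS = 60       # sliding window per process (assumed threshold)
FILE_THRESHOLD = 20       # distinct files rewritten within the window (assumed)
ENTROPY_THRESHOLD = 7.0   # bits/byte; documents score ~4-5, ciphertext ~8

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the sample."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

class MassEncryptionDetector:
    def __init__(self):
        self.writes = defaultdict(deque)   # pid -> deque of (timestamp, path)
        self.alerted = set()               # alert once per process

    def observe(self, ts, pid, path, sample):
        """Feed one file-write event; return an alert dict or None."""
        if shannon_entropy(sample) < ENTROPY_THRESHOLD:
            return None                     # ordinary content, ignore
        q = self.writes[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > WINDOW_SECONDS:
            q.popleft()                     # expire writes outside the window
        files = {p for _, p in q}
        if len(files) >= FILE_THRESHOLD and pid not in self.alerted:
            self.alerted.add(pid)
            return {"pid": pid, "files": len(files),
                    "drives": sorted({p[:2] for p in files})}  # e.g. ['C:', 'Z:']
        return None

def run_demo():
    """Constructed events: a benign editor plus one process hitting C: and Z:."""
    rng = random.Random(7)
    ciphertext = bytes(rng.getrandbits(8) for _ in range(2048))
    document = b"Quarterly sales figures and meeting notes. " * 50
    det = MassEncryptionDetector()
    alerts = [det.observe(i, 1001, f"C:\\Users\\bob\\notes{i}.txt", document)
              for i in range(3)]                      # benign plain-text saves
    for i in range(25):                               # local and mapped drive
        drive = "C:\\Users\\bob\\Documents" if i % 2 else "Z:\\Finance"
        alerts.append(det.observe(10 + i, 4242, f"{drive}\\file{i}.docx", ciphertext))
    return [a for a in alerts if a]
```

The benign editor never trips the entropy gate, while the second process is flagged on its twentieth distinct file with both the local and the mapped drive listed in the alert.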

**How to Avoid Losing Data to CryptoLocker Infection**

While removal of the virus itself is not difficult, CryptoLocker is the only source able to provide the private key to decrypt the infected data, so removing the virus after infection will not help. At this point, preventing CryptoLocker comes down to smart, cautious PC use. The best defense is to keep proper backups of data going back several weeks. Along with vigilant backups, it is crucial for users to avoid careless browsing and to only click links and email attachments that are known with certainty to be from trusted sources.

References:

GLENDORA POLICE DEPARTMENT WARNS RESIDENTS ABOUT A NEW COMPUTER VIRUS THAT DESTROYS YOUR FILES IF YOU DO NOT PAY A “RANSOM”