Don’t fall victim to Cryptolocker Ransomware
SymQuest would like to inform you of a relatively new malware infection we are working on for a few of our SafetyNet clients. It’s referred to as Ransomware, and this particular infection is called Cryptolocker.
What is Ransomware?
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. In most cases, the operating system is uninfected and remains functional. However, Ransomware blocks, or encrypts, your personal files so you can’t gain access to them until you pay the “ransom,” usually about $300. Worse than that, if a workstation has a mapped drive to a server, that server share can also become infected, as is the case with our affected clients. We are actively assisting these clients to clean the infections and restore their data from backup.
How is it spread?
Cryptolocker, like many malware infections, is spread via infected web links (clicking on that ad in Facebook that you just aren’t sure about), phishing and other email scams. It encrypts any mapped drives attached to the system that holds the original infection. Cleaning the original infection is simple, but decrypting the files is not possible without paying the “ransom” to get the private key. In this particular strain, paying the fee does actually allow you to decrypt the files. The only other solution would be to restore from a full backup. Files targeted are those commonly found on most PCs today; the targeted file extensions include: 3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb,
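To scope a restore from backup after an infection reaches a mapped share, the check below (an added example, not SymQuest's tooling) walks a directory tree and flags files whose first bytes no longer match the format their extension implies. It covers only a subset of the extensions listed above, assumes an encrypted file loses its original file signature, and runs against a constructed sample share; the function names are illustrative.

```python
import tempfile
from pathlib import Path

ZIP = b"PK\x03\x04"                          # OOXML / OpenDocument container
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Office compound file
RTF = b"{\\rtf"
# Assumption: an encrypted file no longer starts with its format's signature.
SIGNATURES = {
    **dict.fromkeys(("docx", "docm", "pptx", "pptm", "xlsb", "odt", "ods", "odp"), (ZIP,)),
    **dict.fromkeys(("xls", "ppt"), (OLE2,)),
    "doc": (OLE2, RTF), "rtf": (RTF,),       # some .doc files are RTF inside
    "psd": (b"8BPS",), "pst": (b"!BDN",), "jpg": (b"\xff\xd8\xff",), "jpe": (b"\xff\xd8\xff",),
}

def header_ok(path):
    """True/False for a covered extension; None if not covered or the file is empty."""
    expected = SIGNATURES.get(path.suffix.lstrip(".").lower())
    if expected is None:
        return None
    with path.open("rb") as fh:
        head = fh.read(8)
    return head.startswith(expected) if head else None

def find_restore_candidates(root):
    """Return relative paths under root whose header does not match their extension."""
    suspects = []
    for path in Path(root).rglob("*"):
        try:
            if path.is_file() and header_ok(path) is False:
                suspects.append(path.relative_to(root).as_posix())
        except OSError:
            continue                         # unreadable or locked: review by hand
    return sorted(suspects)

def demo():
    """Scan a constructed sample share built in a temporary directory."""
    sample = {
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "finance/q3.xlsb": ZIP + b"\x14\x00" * 8,
        "finance/budget.xls": b"\x8a\x11\x5c\x03\xfe\x90\x27\x41" * 4,  # no OLE2 header
        "hr/offer.docx": b"\x3d\xa0\x77\x1e\xc4\x09\xb2\x58" * 4,       # no ZIP header
        "hr/letter.doc": RTF + b"1\\ansi hello}",
        "readme.txt": b"extension not covered", "empty.psd": b"",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return find_restore_candidates(root)
```

A mismatch marks a file as a candidate for restore, not as proof of encryption: a mislabeled or corrupted file is flagged the same way.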
How is it prevented?
- Make sure your antivirus software is up to date, real-time scanning is enabled, and full scans are regularly scheduled.
- Make sure your anti-malware software is up to date, real-time scanning is enabled, and full scans are regularly scheduled.
- Make sure you have enabled email filtering protection to help reduce
- DO NOT click on any links on the web or via email that are even slightly questionable. When in doubt, delete it.
Learn more with this additional information:
- Cryptolocker at Malwarebytes site: http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/
- Ransomware defined at Wikipedia: http://en.wikipedia.org/wiki/Ransomware_(malware)