<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1170861149634641&amp;ev=PageView&amp;noscript=1">

DANGER: CryptoLocker Ransomware

Apr 14, 2014 8:28:10 AM / by

A note from our Network Services professional, Tom Warren, on the dangerous randomware by the name of CryptoLocker.  (& source:  http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

 

CryptoLocker.jpgTo All, I want to alert you to a randomware that has just struck another company in the Harrisburg area.  It is called Cryptolocker.  This is a particularly brutal virus in that it takes your files hostage, encrypting them at the level of 1024-bit or above, then sends you a ransom note.  The ransom note received by this company required payment of $400 to un-encrypt the files.  If you do not pay, then you do not get your files back. 

What is CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8.  This ransomware will encrypt certain files using a mixture of RSA & AES encryption.  When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files.  This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files.  This ransom must be paid using MoneyPak vouchers or Bitcoins.  Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

How do you become infected with CryptoLocker

This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc.  These emails would contain a zip attachment that when opened would infect the computer.  These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe.  Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.

The current list of known CryptoLocker email subjects include:

USPS - Your package is available for   pickup ( Parcel 173145820507 ) USPS - Missed package delivery   ("USPS Express Services" <service-notification@usps.com>)
USPS - Missed package delivery FW: Invoice <random number>
ADP payroll: Account Charge Alert ACH Notification ("ADP   Payroll" <*@adp.com>)
ADP Reference #09903824430 Payroll Received by Intuit
Important - attached form FW: Last Month Remit
McAfee Always On Protection   Reactivation Scanned Image from a Xerox WorkCentre
Scan from a Xerox WorkCentre scanned from Xerox
Annual Form - Authorization to Use   Privately Owned Vehicle on State Business Fwd: IMG01041_6706015_m.zip
My resume New Voicemail Message
Voice Message from Unknown   (675-685-3476) Voice Message from Unknown Caller   (344-846-4458)
Important - New Outlook Settings Scan Data
FW: Payment Advice - Advice   Ref:[GB293037313703] / ACH credits / Customer Ref:[pay run 14/11/13] Payment Advice - Advice   Ref:[GB2198767]
New contract agreement. Important Notice - Incoming Money   Transfer
Notice of underreported income Notice of unreported income - Last   months reports
Payment Overdue - Please respond FW: Check copy
Payroll Invoice USBANK
Corporate eFax message from   "random phone #" - 8 pages (random phone # & number of pages) past due invoices
FW: Case FH74D23GST58NQS Symantec Endpoint Protection:   Important System Update - requires immediate action

 

For more information you can refer to: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information.

Please make staff aware that they need to be extra vigilant when they are opening e-mails with attachments.  If they do not know where the e-mail came from or were not expecting an e-mail from UPS, for example, then do not open it.

Topics: computer virus, cryptolocker, Document Management, file encryption, random demand, ransomware, Tips and Resources

Phillips Office Solutions

Written by Phillips Office Solutions

Articles written under this account are submitted by various employees from Phillips Office Solutions. Each author's name can be found at the end of each post.

Leave a Comment: