US-Cert Alert (TA13-309A) CryptoLocker Ransomware Infections — really nasty malware

Original release date: November 05, 2013 | Last revised: November 06, 2013
Here are some notes about CryptoLocker from Pete Beebe, one of my colleagues at Jibe Consulting:

A malware virus has been making the rounds recently that folks should be aware of.

This particularly nasty malware virus is packaged as an attachment in an e-mail sent from a supposedly reputable vendor such as FedEx, UPS or DHS. The e-mail is designed to mislead the reader into downloading the apparently harmless attachment zip file.

Once downloaded and installed, this “CryptoLocker” application proceeds to scan and encrypt as many common files as possible, even those on network file shares accessible from the computer.

The malware application then pops up a ransom message informing the computer user that their files are encrypted and inaccessible until money is paid to unencrypt the files. If the computer user fails to pay the ransom in 4 days, then the private encryption key is deleted… making all encrypted files inaccessible and useless.

As you can surmise, in a business environment this can be disastrous.

What can you do to prevent this?

  • Be vigilant regarding what e-mails and attachments you open. If suspicious, always look at the e-mail address and try to determine if the address is legitimate. Even this isn’t foolproof, given that spammers can easily spoof the e-mail address. Notify the Help Desk if in doubt. We are willing to review any suspicious e-mails for you if you do not feel confident in their legitimacy.
  • If an e-mail represents itself as a legitimate business and has links embedded in the e-mail, mouse over the link and look at the pop-up showing the web address the link refers to. Most legitimate business-related e-mails have a linked web address that can be traced back to their official web-site. If the URL link doesn’t match the official website of the e-mailer, then don’t click on it.
  • If an e-mail is received from a known business associate but still looks suspicious, e-mail them back asking for confirmation, or pick up the phone and speak with them to obtain confirmation that the e-mail was indeed sent and legitimate.
  • Do not use company equipment and network access for personal use. This will not completely eliminate the risk but can dramatically reduce the chance of infection. Those family e-mails or friend’s pictures from last night can wait until you are at home and on your own computer and network.

There are various web references to the CryptoLocker malware virus. Being an informed Internet user goes a long way to preventing these ugly situations from happening. When you have the time, review this web post for more details on this particular malware exploit: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#infected
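The "mouse over the link" check in the notes above can be automated for a help desk that triages forwarded e-mails. The following is an added example, not part of Pete Beebe's notes or any product: it parses an HTML e-mail body, pulls out every link, and flags anchors whose visible text claims one domain (for example a carrier's site) while the actual `href` points somewhere else, plus any link whose target is not in a list of domains the sender is expected to use. The sample e-mail body, the domain list and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample e-mail body (not a real phishing message), modelled on the
# delivery-notice lure described in the post. Domains are placeholders.
SAMPLE_EMAIL_HTML = """
<p>Your package could not be delivered.</p>
<p>Track it here: <a href="http://tracking-update.example.net/ups">http://www.ups.com/tracking</a></p>
<p>Or visit <a href="https://www.ups.com/help">UPS Help</a></p>
<p>Download label: <a href="http://files.example.org/label.zip">ups.com</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._in_anchor = False
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._in_anchor = True
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._in_anchor:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._in_anchor:
            self.links.append((self._href, "".join(self._text).strip()))
            self._in_anchor = False


def registrable_domain(host):
    """Crude approximation of the registrable domain: the last two labels.
    (Ignores multi-part public suffixes such as co.uk; good enough for triage.)"""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def claimed_domain(text):
    """Domain the visible link text appears to promise, if the text looks like a URL or hostname."""
    if not text or " " in text:
        return None
    candidate = text if "://" in text else "http://" + text
    host = urlparse(candidate).hostname
    if host and "." in host:
        return registrable_domain(host)
    return None


def find_mismatched_links(html_body, trusted_domains=()):
    """Return (href, text, reason) for links whose visible text or expected sender
    domain does not match where the link really goes."""
    parser = LinkExtractor()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        target = registrable_domain(host) if host else ""
        claimed = claimed_domain(text)
        if claimed and claimed != target:
            findings.append((href, text, f"visible text claims {claimed}, link goes to {target}"))
        elif trusted_domains and target not in trusted_domains:
            findings.append((href, text, f"link target {target} is not one of {sorted(trusted_domains)}"))
    return findings


if __name__ == "__main__":
    # Treat ups.com as the only domain this supposed carrier e-mail should link to.
    for href, text, reason in find_mismatched_links(SAMPLE_EMAIL_HTML, {"ups.com"}):
        print(f"SUSPICIOUS: '{text}' -> {href}: {reason}")
```

Run against the constructed body, the first and third links are reported (the visible text promises ups.com but the targets are example.net and example.org), while the genuine ups.com link passes. The domain comparison is deliberately simple; a production filter would use a public-suffix list and also inspect the attachment, since the post notes the payload arrives as a zip file rather than a link.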
