Over the past 24 hours we have seen another flare-up of a dangerous and quickly spreading malware known as Cryptolocker. This malware has many variants, and there is no guarantee that it will be blocked, even with the combination of antivirus/malware scanners and spam filtering. The malware is spread through email messages designed to get a user to click on an infected attachment or link. The email may appear to be sent from an account claiming to be customer support for a shipping carrier (UPS, FedEx), or from Admin@yourdomainname, a fax, someone sending you a past-due invoice, or a variety of other suspicious senders. These email messages are designed to look real, but have an infected payload attached. It is very important that you do not click on any links or open any attachments in any suspicious email messages. If you are questioning an email message, chances are it’s not legitimate. If you don’t know the sender, be safe and delete it. Do NOT open it.
Cryptolocker has been infecting PCs around the world and effectively holding the files on the PC and network server for ransom. The files are encrypted and completely unusable. Users whose files are encrypted are asked to pay $300+ to receive a key to unlock them. Paying the ransom does not guarantee that the bad guys will provide the key. If files are encrypted, the best course of action is to restore from a backup.
This is a worldwide problem, and it has been very difficult for law enforcement organizations to identify and shut down all of the Cryptolocker command and control center servers. This is a very malicious and destructive virus and could potentially cause considerable downtime. The best way to stay safe is to delete any suspicious-looking emails.
Please share this information with your staff.
If you have any questions on this issue, or any other security questions, please contact us at 847-838-5200 or email firstname.lastname@example.org