There is a new variant of a security threat called Cryptolocker. The infection starts when a user clicks a hyperlink. By clicking that link, the user unknowingly authorizes the installation of malicious software that begins to encrypt every shared file the infected machine can access. In other words, this software has the potential to encrypt all data on the workstation, as well as on the servers to which it is attached, which can make your files inaccessible to you or others on your network.
After the encryption process is completed, you may see a notice like this:
This type of malware is known as ransomware. It requires that you pay a $300 “ransom” within 72 hours of the original encryption/infection to get the unlocking key necessary to decrypt your files. If you miss the deadline, the virus uninstalls itself and the files can no longer be decrypted (in other words, they are essentially “lost”).
News coverage suggests that paying this ransom does, in fact, result in the key being provided, but obviously there’s no promise of it. According to reports, IT professionals and antivirus vendors are struggling to undo, and ultimately prevent, the type of damage that this ransomware causes; many are finding that paying the ransom is the only way out.
To try to avoid this exploit, all users on your network should be reminded:
- Never click on a link or attachment in an email that you are not positive is from a trusted source. If you think the email looks suspicious, it probably is. It might be a good idea, in some cases, to email somebody to ascertain if a link is actually legitimate.
- If you use an email client (such as Outlook), disable image previews. Email clients like Outlook, Thunderbird and others often automatically load attachments for your convenience, but this takes away your ability to decide whether or not a file is safe to open. To disable image previews in Outlook:
  1. Click the Office button and choose Options.
  2. Locate and click the Trust Center in the left side menu bar.
  3. Hit the Trust Center Settings button.
  4. Check the “Don’t download pictures automatically in HTML e-mail messages or RSS items” option.
  5. Click OK and you are done.
- Be wary of files with a double extension such as .txt.vb or .jpg.exe. As a default setting, Windows often hides common file extensions, meaning that a program like Paint.exe will appear to you as simply Paint. Double extensions exploit this by hiding the second, dangerous extension and reassuring you with the first, safe extension, which is utterly meaningless to your computer: your system only recognizes the extension on the extreme right and runs the file as such. If a common file type whose extension you never normally see suddenly becomes visible for no apparent reason, right-click on it, select Properties, and look for the complete file name. You may be surprised to find out what kind of extension it really has.
- Use USB drives with caution. Plugging someone else’s USB drive into your computer (or plugging your own into a computer at, say, an internet café) can spread an infection via the drive itself, not the file you’re actually trying to share. Whenever possible, transfer files between machines via email to keep potentially-infected hardware out of the equation.
- Beware of unusual emails from companies you do business with. If you receive an email from a company that you otherwise trust requesting information or recommending that you run a particular file, log into your account on that company’s page and see if there’s a notification there as well. Some scammers will get your trust by copying legitimate businesses’ email styles and using a similar-sounding reply-to address to lower your guard.
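
The double-extension trick from the list above can also be checked for automatically, for example on attachment names at a mail gateway or on a file share. The following is an added example, not part of the original advisory; the extension lists, function names and sample file names are assumptions made for illustration, and the trailing-space and padding cases go slightly beyond the two names the advisory mentions.

```python
from pathlib import PureWindowsPath
from typing import NamedTuple, Optional

# Illustrative lists, not exhaustive: tune them for your own gateway or share.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vb", "vbs", "js", "wsf", "hta"}
DECOY_EXTS = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "jpg", "jpeg", "png", "gif"}

class Finding(NamedTuple):
    shown_as: str  # what the user sees when Windows hides known extensions
    real_ext: str  # the right-most extension, which decides how the file runs

def check_filename(raw: str) -> Optional[Finding]:
    """Return a Finding if raw looks like a document but would run as a program."""
    # Keep only the file name, then drop trailing spaces and dots,
    # which Windows ignores when it resolves the name.
    name = PureWindowsPath(raw).name.rstrip(" .")
    parts = name.split(".")
    if len(parts) < 3:
        return None  # zero or one extension: nothing is being disguised
    # Strip padding spaces and ignore case before comparing.
    real, decoy = parts[-1].strip().lower(), parts[-2].strip().lower()
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        shown = name[: name.rfind(".")].rstrip()
        return Finding(shown_as=shown, real_ext="." + real)
    return None

# Constructed sample attachment names (not taken from any real incident).
SAMPLES = [
    "Invoice_2013.pdf.exe",
    "notes.txt.vb",
    "photo.JPG.EXE ",
    "scan.pdf          .scr",
    "Paint.exe",
    "backup.tar.gz",
    "report.v2.docx",
]

def scan(names):
    """Map each suspicious name to its Finding; clean names are left out."""
    return {n: f for n in names if (f := check_filename(n))}

if __name__ == "__main__":
    for name, f in scan(SAMPLES).items():
        print(f"SUSPICIOUS {name!r}: appears as {f.shown_as!r}, runs as {f.real_ext}")
```

Names with a single extension (Paint.exe) or with two harmless ones (backup.tar.gz) are deliberately not flagged, which keeps the check quiet enough to run on every incoming attachment.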
As always, we are monitoring the activities of industry security experts and vendors to implement protections as soon as they become available. In the meantime, however, please be aware that the threat exists and demands extra caution from all computer users.
At this time, the suggested precaution is to remain vigilant about any suspicious emails and to not open any attachments that you are not expecting. As with any emerging threat, it will take time for anti-virus and other security measures to discover and release a preventative update for this threat. In the meantime, if you have any questions or suspect you are currently infected, please contact our help desk immediately at 608-729-1301 or by emailing email@example.com.