A new virus capable of causing irreparable damage is spreading across the internet. CryptoLocker is a ransomware program that infects entire computer networks and encrypts many file types. The virus enters an individual system when a user clicks a link, usually delivered by email, that downloads the malware. The virus then saves itself under a randomly generated file name and begins its work. The infection attempts to communicate with a server that the attackers have set up, which returns an encryption key to the virus. Using this key, CryptoLocker scans all physical and mapped network drives connected to your computer for files with the following extensions:
*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c.
Every matching file it finds is encrypted using the public encryption key the virus obtained. Once it finishes encrypting your data, it displays a CryptoLocker screen informing you that your files have been encrypted and demanding a $100-300 ransom to decrypt them. You are given a 96-hour time limit, and a countdown begins on the prompt screen.
Remember the point about the virus affecting all physical and mapped network drives connected to your computer? It means that any single user on your company’s network can let the virus in and allow it to infect the entire company network and every machine on it.
At this time, there is no way to decrypt files affected by the CryptoLocker virus, which is why having an online backup of all the information on your server is so critically important. As a client of TCI Technologies, your business is protected because we are able to restore everything that has been compromised on your network from a system backup. If you see anything suspicious on your machine or on your network, contact us immediately so that we can remediate the problem as quickly as possible and get your company back on its feet with your restored files.
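Because the only recovery path described above is restoring from backup, a practical check is to inventory which files on your drives match the extension list the virus targets and confirm that each one appears in your backup manifest. The script below is an added example and not TCI Technologies’ code; the pattern list is taken from this post, and the manifest format (one path per line, case-insensitive, either slash style) is an assumption.

```python
import fnmatch
import os
from typing import Iterable, Iterator, List

# Extensions listed in the post above; "img_*.jpg" is kept as its own pattern as written there.
_EXTENSIONS = (
    "odt ods odp odm odc odb doc docx docm wps xls xlsx xlsm xlsb xlk ppt pptx pptm "
    "mdb accdb pst dwg dxf dxg wpd rtf wb2 mdf dbf psd pdd pdf eps ai indd cdr jpg jpe "
    "dng 3fr arw srf sr2 bay crw cr2 dcr kdc erf mef mrw nef nrw orf raf raw rwl rw2 "
    "r3d ptx pef srw x3f der cer crt pem pfx p12 p7b p7c"
).split()
CRYPTOLOCKER_PATTERNS = ["*." + ext for ext in _EXTENSIONS] + ["img_*.jpg"]


def _normalize(path: str) -> str:
    # Accept Windows or POSIX separators so UNC paths to mapped drives work too.
    return path.replace("\\", "/").lower()


def is_targeted(path: str) -> bool:
    """True if the file name matches one of the targeted extension patterns (case-insensitive)."""
    name = _normalize(path).rsplit("/", 1)[-1]
    return any(fnmatch.fnmatchcase(name, pattern) for pattern in CRYPTOLOCKER_PATTERNS)


def at_risk_files(paths: Iterable[str]) -> List[str]:
    """Filter an iterable of paths down to those CryptoLocker would encrypt, sorted for reporting."""
    return sorted(p for p in paths if is_targeted(p))


def walk_drive(root: str) -> Iterator[str]:
    """Yield every file path under root (a local drive or a mapped network share)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(dirpath, name)


def missing_from_backup(local_files: Iterable[str], backup_manifest: Iterable[str]) -> List[str]:
    """At-risk files that do not appear in the backup manifest (assumed: one path per line)."""
    backed_up = {_normalize(p.strip()) for p in backup_manifest if p.strip()}
    return [p for p in at_risk_files(local_files) if _normalize(p) not in backed_up]


if __name__ == "__main__":
    # Constructed sample inventory and manifest, standing in for a drive walk and a backup report.
    sample = ["budget.xlsx", "readme.txt", "certs/server.pfx", "drawing.dwg"]
    manifest = ["budget.xlsx", "CERTS/server.pfx"]
    print("At risk:", at_risk_files(sample))
    print("Not backed up:", missing_from_backup(sample, manifest))
```

Run `missing_from_backup(walk_drive(r"\\fileserver\share"), open("manifest.txt"))` against a real share to get the list of exposed files; an empty list means every targeted file has a restorable copy.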
We must also stress that although your work email is filtered by TCI Technologies, the filtering we have put in place does not scan your personal email. If you access personal email from work through services such as Gmail, Yahoo!, Hotmail, Outlook.com, etc., those messages are not scanned for viruses by TCI Technologies filters. We have encountered several clients who have been infected by this virus so far because employees opened suspicious mail from their personal accounts, allowing the virus to bypass our protective scanning software.
The emails carrying this virus impersonate common senders you may expect to hear from, but the messages themselves are very suspicious. If you receive an email from UPS, you expect to see their logo at the top, a number of accompanying graphics, and a personalized salutation. CryptoLocker has reportedly been sent disguised as a shipping tracking link, but the emails containing these links have been plain, unformatted messages that simply instruct people to click the link to track their package. If a message is too simple to be real, it likely isn’t, so delete it immediately. This is only one example of what you may receive; the virus can appear to originate from many different familiar sources.
The best way to protect your business from malicious ransomware like CryptoLocker is by taking preventative measures, and trusting your system backup needs to a reliable, experienced company such as TCI Technologies. To protect your company by backing up your network onto cloud storage, or implementing any of the services we provide, please contact us today. We’re here to keep your company’s files safe so that you can run your business without interruption!