Security Alert: CryptoLocker is loose in the wild

10/25/2013 16:35
There have been increasing reports of a new type of “ransomware” virus that is particularly nasty. Ransomware is just what it sounds like: malware that demands a ransom be paid in order to get rid of it. It may pretend to be from a legitimate anti-virus program or even a law enforcement agency such as the FBI and may claim to have found embarrassing files. The goal of this type of infection is to steal credit card information during the payment process.
This one is named “CryptoLocker”, and it is very nasty. Not only does it demand payment to get removed, but it encrypts files on your computer making them unreadable by you. This means that even if you do eradicate the infection, you still won’t be able to open your documents, spreadsheets, pictures and music.
While there are tools to remove the infection (but not to decrypt your files), the safest course to not catch it at all. CryptoLocker spreads through email attachments and by browsing to infected websites.
  • As always, do not open any attachments or click on any links in emails unless you are very certain of the person sending it to you, and it appears to be relevant. For example, if you receive a message from a business associate that seems unusually personal and has a link or an attachment, it's likely that the email was "spoofed", or faked as being from them. Do not click.
  • Another way to get people to connect to malicious sites is through links and advertisements on the internet and in social media. While ads may fund the websites we love, they are just links to other sites and those links may not point to the site it says it's pointing to. When in doubt, just type it in or Google it.
  • Once at the infected site, CrypotLocker attempts to exploit a vulnerability in an older version of Java, so it’s time to update. There are also reports that it will try to get you to install an infected video driver or codec file as well.
If you do get infected, contact your IT provider immediately! You may be able to recover your files from your backup (you do have your files backed up, right?). If you can confirm good backups, you may be able to simply remove the infection and preform a restore.
Most importantly, if you do need to pay the ransom to retrieve critical files, use a prepaid credit card and not your regular card. The number will almost certainly be stolen.
Below are some links to more information: