CryptoLocker Ransomware Still a Threat

Get Informed, Be Protected, Stay Prepared!

on August 24, 2016

We hate to say it, but CryptoLocker ransomware is back and seems to be more elusive than ever. Multimedia platforms have been talking about CryptoLocker for the past few years, and HTI has been informing our client base via HTI ALERT emails and social media posts, yet support calls describing the ransomware keep rolling in. Fortunately, the majority of infected callers were already backing up their practice data with at least one of our Backup Solutions.

WHAT IS CRYPTOLOCKER RANSOMWARE?

CryptoLocker is a malicious form of ransomware that targets all versions of the Windows operating system. It will encrypt any files it has access to on a PC or across a network. It then tries to force the user into paying a fee in exchange for a decryption tool. It comes in multiple variants, but all of them announce that your files have been encrypted by displaying a window you cannot close. The window shows the steps required to pay the ransom, as well as a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your decryption key, thus rendering your files forever unusable.

HTI does not recommend paying the ransom under ANY circumstances. Best practices to protect yourself and your practice include employing and monitoring several backup methods, staying up to date on personal and employee education, and setting standards for good office internet browsing habits.

HOW DO YOU GET CRYPTOLOCKER?

This infection is typically spread through emails sent to company email addresses that pretend to be customer-support-related messages from FedEx, UPS, DHS, etc. Newer variants are known to spread through other malware that gets onto your PC first. This means that CryptoLocker can propagate on its own rather than getting a user to open an infected email file.

Computers infected with CryptoLocker show no outward signs of infection; it only reveals itself after it has finished encrypting all the files it has access to, both locally and across the network. When it is done encrypting, the malware will display a pop-up message, complete with a countdown timer, that gives victims a short window of time in which to decide whether to pay the ransom or lose access to the files forever.

HOW TO PROTECT YOURSELF & YOUR PRACTICE

  • Make sure you have an incremental or versioning backup and that it is running successfully at least once a day.
  • Confirm that you have an adequate anti-virus and anti-malware program on your network that is up to date and working properly.
  • Inspect all email messages thoroughly, including the sender's address. (Call the sender, such as UPS or FedEx, to confirm authenticity.)
  • Never open a file, a link in an email, or a link on a social website unless you're sure it was deliberately sent by the person themselves. It may seem interesting at the time, but the results could be catastrophic.
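
As an added example (not HTI's own tooling), the Python check below audits a backup history against the first item above: a usable backup at least once a day and more than one version kept. The folder layout (one archive file per run), the file names, the 25-hour allowance and the 7-day window are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import Path

@dataclass
class Snapshot:
    name: str
    finished: datetime  # when the backup job completed
    size: int           # bytes written

def scan_dir(root):
    """Assumed layout: one archive file per backup run inside `root`."""
    return [Snapshot(p.name, datetime.fromtimestamp(p.stat().st_mtime), p.stat().st_size)
            for p in Path(root).iterdir() if p.is_file()]

def audit(snapshots, now, max_gap=timedelta(hours=25), min_versions=2, window_days=7):
    """Return a list of problems; an empty list means the history looks healthy."""
    findings = []
    empty = sorted(s.name for s in snapshots if s.size == 0)
    if empty:
        findings.append("empty snapshot(s), job probably failed: " + ", ".join(empty))
    usable = sorted((s for s in snapshots if s.size > 0), key=lambda s: s.finished)
    if len(usable) < min_versions:
        # A single copy can itself be overwritten with encrypted files.
        findings.append(f"only {len(usable)} usable version(s), need {min_versions}")
    if not usable:
        return findings
    hours = max_gap.total_seconds() / 3600
    if now - usable[-1].finished > max_gap:
        findings.append(f"newest usable backup {usable[-1].name} is over {hours:.0f}h old")
    # Look for skipped daily runs inside the recent window.
    recent = [s for s in usable if now - s.finished <= timedelta(days=window_days)]
    for prev, cur in zip(recent, recent[1:]):
        if cur.finished - prev.finished > max_gap:
            findings.append(f"missed run between {prev.name} and {cur.name}")
    return findings

# Constructed sample history: the 22 August run is missing, the 24 August run is empty.
NOW = datetime(2016, 8, 24, 9, 0)
SAMPLE = [
    Snapshot("practice-0820.bak", datetime(2016, 8, 20, 2, 0), 5_100_000),
    Snapshot("practice-0821.bak", datetime(2016, 8, 21, 2, 0), 5_200_000),
    Snapshot("practice-0823.bak", datetime(2016, 8, 23, 2, 0), 5_300_000),
    Snapshot("practice-0824.bak", datetime(2016, 8, 24, 2, 0), 0),
]

if __name__ == "__main__":
    for line in audit(SAMPLE, NOW) or ["backup history OK"]:
        print(line)
```

To check a real folder, pass `scan_dir(...)` and `datetime.now()` to `audit` and alert on any non-empty result.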

THINK YOU’VE BEEN INFECTED WITH CRYPTOLOCKER?

  • Disconnect your computer from the internet immediately by removing your network cable or turning off the wireless connection.
  • Disconnect any USB storage devices.
  • Call the High Tech Innovations tech support team at (973) 889-0030, Option 3.

We do not recommend paying the ransom under any circumstances. Once infected, backup is your best option. The creators of the CryptoLocker ransomware will do their best to facilitate payment by any means. There is no guarantee that your encrypted files will be unlocked or restored even after submitting payment.