CryptoLocker – a Dangerous New World

Oct 29, 2013 | IT News

Most spyware we have encountered messes up the operating system.  It makes the computer slow, infects other computers, and throws up popups.  But most do not affect your data.

The latest spyware out there, CryptoLocker, is much different.  It will take the data on your computer and on the server you access and encrypt it.  It then stores the encryption key on its servers and displays a ransom demand: pay $300 or lose your data.

This is a very dangerous piece of software, because once it infects your computer, you have two choices – pay the ransom, or restore from backup. 

From what we can tell, the most common infection source is email. The emails are sent to company email addresses and pretend to be customer-support messages from Fedex, UPS, DHS, etc. They contain a zip attachment that, when opened, infects the computer. The zip files contain executables disguised as PDF files: they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft Windows does not show file extensions by default, they look like normal PDF files and people open them.
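As an added example (not V2 Systems' code), here is a mail-gateway style check for the disguised attachments described above: it lists a zip's entries and flags executables, including the `.pdf.exe` double-extension pattern. The function names and the two extension lists are assumptions of this example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs on double-click (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document extensions used as a decoy in front of the real one (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def classify_entry(name):
    """Return 'double-extension', 'executable' or None for one entry name.

    Accepts '/' or '\\' separators and ignores trailing dots and spaces,
    which Windows drops when the file is written to disk.
    """
    base = PurePosixPath(name.replace("\\", "/")).name.rstrip(". ")
    suffixes = [s.lower() for s in PurePosixPath(base).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_zip(data):
    """Return {entry_name: reason} for suspicious entries in a zip given as bytes."""
    findings = {}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                reason = None if info.is_dir() else classify_entry(info.filename)
                if reason:
                    findings[info.filename] = reason
    except zipfile.BadZipFile:
        # An attachment that cannot be parsed should be held, not delivered.
        findings["<archive>"] = "unreadable"
    return findings


def build_sample_zip(names):
    """Build a constructed in-memory zip whose entries hold inert placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder")
    return buf.getvalue()


# Constructed sample using the file-name pattern quoted above.
SAMPLE_ZIP = build_sample_zip(["FORM_101513.pdf.exe", "FORM_101513.exe", "invoice.pdf"])
print(scan_zip(SAMPLE_ZIP))
```

The check reads only the archive's file names, so it never unpacks or runs an attachment.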

What to do:

1. Make sure your backups are up to date. Restoring from backup will allow you to recover your files.  For those people with V2 Systems Remote Management and Maintenance Agreements, we check your backups daily. 

2. Don’t open zip or archive files. The usual warnings apply: don’t open attachments from unknown senders, or accept downloads you weren’t expecting. Don’t accept video codecs a website tells you are necessary. If a site tells you that you need a Java update or a new copy of Flash, check that it’s coming from Oracle or Adobe respectively.

3. If you get infected, and don’t have a full recent backup, then pay the ransom – but use a disposable prepaid debit card.

4. If you’re not sure if you are infected, or need assistance, call us at 703-361-4606 and we will check things out for you.

5. Tell everyone in your organization, and be forceful; this is no joking matter.

We have also begun reaching out to our Monthly Service Agreement and Remote Management and Maintenance Contract clients to implement a Group Policy Object that prevents the execution of CryptoLocker.

If you want more information about CryptoLocker and how it works, read here:

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
