Proudly serving Virginia, Maryland and DC // Call us today! 703.396.6120
V2 SystemsV2 Systems

by Dan Lhotka

Most spyware we have encountered messes up the operating system.  It makes the computer slow, infects other computers, and throws up popups.  But most do not affect your data.

The latest spyware out there, CryptoLocker, is much different.  It will take the data on your computer and on the server you access and encrypt it.  It then stores the encryption key on its servers, and displays a ransom.  Pay $300 or lose your data. 

This is a very dangerous piece of software, because once it infects your computer, you have two choices – pay the ransom, or restore from backup. 

From what we can tell, the most common infection source is through email.  Emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.

What to do :

1. Make sure your backups are up to date. Restoring from backup will allow you to recover your files.  For those people with V2 Systems Remote Management and Maintenance Agreements, we check your backups daily. 

2. Don’t open zip or archive files. The usual warning; don’t open attachments from unknown senders, or accept downloads you weren’t expecting. Don’t accept video codecs a website tells you are necessary. If a site tells you that you need a Java update or a new copy of Flash, check that it’s coming from Oracle or Adobe respectively.

3. If you get infected, and don’t have a full recent backup, then pay the ransom – but use a disposable prepaid debit card.

4. If you’re not sure if you are infected, or need assistance, call us at 703-361-4606 we will check things out for you.

5. Tell everyone in your organization, and be forceful; this is no joking matter.

We have also begun reaching out to our Monthly Service Agreement and Remote Management and Maintenance Contract clients, to implement a Group Policy Object to prevent the execution of CryptoLocker.
If you want more information about CryptoLocker, and how it works, read here:

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Dan Lhotka
About Dan Lhotka