RansomWare Virus Affecting Windows Computers

A new RansomWare virus by the name of ‘CryptoLocker’ is infecting Windows computer, with a significant impact on users data. To help you to remain vigilant, we have included below some information about this virus and how to safeguard your business.

What does this virus do?

When this virus infects a system, it immediately encrypts the user’s data, and the data on any network shared drives that the user has access to.

Once the data has been encrypted, the virus prompts the user with a red background that requires the user to pay between $100 and $300 dollars to un-encrypt the data. The user has 72 hours from the start of the message to pay before the virus deletes the decryption keys.

Once the files are encrypted there are no other alternatives EXCEPT to recover the data from an offline backup. Online backup solutions ( like Carbonite, Mozy, Backblaze, and DropBox, etc…) are affected by the virus and will copy encrypted files to their repositories.

Will your Antivirus program protect you?

At this time, Antivirus vendors (such as Symantec) are still working on a solution to successfully detect this virus, and prevent its infection, but they do not have one yet. They also do not have a way to un-encrypt the files once they’ve been encrypted.

What you can do to protect your computer and your data?

• Do NOT open attachments from people you’re not expecting to get attachments from. This includes emails from printers saying they’ve sent you a scanned document, or from shipping companies stating there is a customer support issue.
• If you do not log onto the UA Domain to access your computer, but you would like help putting this mediation in place, please contact the OIT Support Center.
• Take regular backups of your data and store them offline. If you back up your files to an external HDD, do not leave it connected to your computer. Disconnect it after you have backed up your files.

What should I do if I’m infected?

• Immediately turn off your computer
• Do not attempt to move files or circumvent the problem

Please see this for more details:- http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/ 

Should you require further advice with regards to CryptoLocker please email [email protected]