Malware Alert


dewilson58
06-20-2014, 11:25 AM
RECEIVED FROM MY IT GUY


Threat Level: High

Geographical Distribution: Very High

Removal: Difficult

Affected Systems: Windows XP, Vista, 7, 8, All Windows Server OS

Information:
Two new variants of the CryptoLocker malware that was in the news last fall have begun circling the internet. The two variations are known as CryptoWall and CryptoDefense. They operate in a similar manner to CryptoLocker by encrypting the files on your network shares and denying users access until they pay the ransom between $300 and $1000 or restore their files from backup. This is a widespread attack with a high distribution rate.

The current variant is being spread by email that appears to come from UPS or from a faxing service. The email either contains an attachment or a link to a website to open the notification, which then downloads the virus. Many antivirus vendors do not yet have definitions and these emails often slip by spam filters.

Recommendations:
We are recommending all clients notify their users to be wary of suspicious emails appearing to come from UPS or about faxing and also verify they have current backups. If you see any indication of malicious behavior, immediately shut down the infected machine and disconnect from the network.

Kahuna32162
06-20-2014, 11:45 AM
Verified on Snopes.com

Origins: The so-called "CryptoLocker virus" is an example of ransomware, a class of malware that, once it has infected a particular computer system, restricts access to that system until the user pays a ransom. CryptoLocker is a particular form of ransomware known as cryptoviral extortion, a scheme in which key files on the system's hard drive are encrypted and thus rendered inaccessible to the user unless and until that user pays a ransom to obtain a key for decrypting the files.

The CryptoLocker worm is generally spread via drive-by downloads or as an attachment to phony e-mails disguised as legitimate messages from various businesses, such as fake FedEx and UPS tracking notifications. When a user opens such a message, CryptoLocker installs itself on the user's system, scans the hard drive, and encrypts certain file types, such as images, documents and spreadsheets. CryptoLocker then launches a window displaying a demand for ransom (to be paid in less-traceable forms such as Bitcoins and Green Dot Moneypaks) and a countdown timer showing the date and time before which the user must submit payment in order to obtain the decryption key before it is destroyed:

According to various accounts, users whose computers have been infected by CryptoLocker have been able to restore their files by paying the demanded ransom (usually $300 to be paid within 72 hours), and computer security companies haven't yet come up with a solid defense against the CryptoLocker malware:
If the ransom is paid before the deadline, a key is given to decrypt the files. If not, the key is destroyed and the files are effectively lost forever. Even advanced software security companies don't really have ways to restore the locked hard drive. Catching the hackers behind CryptoLocker may be the only way to retrieve the files.

The good news is that paying the ransom does actually decrypt the files, and the hackers behind CryptoLocker so far have been honest and not reinfected computers after the ransom is paid.

Security companies are working on a protection, but there isn’t one yet. Users should remain vigilant about their security online, double-checking the legitimacy of links received in emails and social media messages.
As the Guardian noted of CryptoLocker and its victims:
"If you haven't got a backup and you get hit by CryptoLocker, you may as well have dropped your PC over the side of a bridge," says Paul Ducklin, security adviser for anti-virus software company Sophos. Even if you had backed up your files, he says, if your back-up device was connected to your computer when CryptoLocker struck, you may not be able to recover them. Similarly, all the files in shared network drives that were connected at the time of the attack could also become encrypted and inaccessible.

CryptoLocker currently only affects PCs and can easily be removed with anti-virus software, but its effects cannot. "I don't think anyone in the world could break the encryption," says Gavin O'Gorman, spokesman for internet security firm Symantec. "It has held up for more than 30 years."


So should anyone hit by CryptoLocker pay up? "You'd be in the same situation if your laptop got stolen — it just feels worse because you know that there is someone out there who has got this key. If your data is worth $300 to you, it must be very tempting to pay up, just in case it works," Ducklin says.

According to Symantec, around 3% of people hand over money in the hope of getting their data back. "But remember, you're dealing with criminals," Rubin says. "There is no guarantee they'll send you the key, and if they know you're susceptible to blackmail what is to stop them from doing it again?"

Bear in mind that every penny you pay them will fund their endeavors to target other victims. "If even a few victims pay then the cybercriminals will think they have got a viable business model and keep infecting people and asking for ransoms. If nobody pays, they will stop these campaigns," says Dmitri Bestuzhev, spokesperson for Kaspersky anti-virus software.

Read more at snopes.com: CryptoLocker (http://www.snopes.com/computer/virus/cryptolocker.asp#LtUhkzHA2LX6UgX1.99)

DonH57
06-20-2014, 12:25 PM
We've had prior experience with the CryptoLocker virus.

Kahuna32162
06-20-2014, 12:36 PM
I think it's always wise to REGULARLY back up all your documents, pictures, music and any other files that you would not want to lose. A portable USB hard drive or even a large capacity thumb drive is well worth the cost. A 500 GB USB hard drive will run you about $50 on Amazon.

Microcodeboy
06-20-2014, 12:40 PM
Never click on a link in an email. Never.
Never open an attachment that you are not specifically expecting. Never.

EnglishJW
06-20-2014, 05:56 PM
I think it's always wise to REGULARLY back up all your documents, pictures, music and any other files that you would not want to lose. A portable USB hard drive or even a large capacity thumb drive is well worth the cost. A 500 GB USB hard drive will run you about $50 on Amazon.

I completely agree. This is something everyone should be doing regularly.

Halibut
06-20-2014, 06:36 PM
Sigh. I do back up weekly, but it's to my network cloud drive. I never considered that it might also be vulnerable.

I've received several of those purported package delivery emails recently but they were obvious phishing and I deleted. At what point will simply getting the message in our inboxes be enough to propagate a virus?