SECURITY NOTICE: Cryptolocker Malware Threat

 

 

30 October, 2013
1532 HRS

A new and particularly nasty computer virus called “CryptoLocker” is running loose in the world.   CryptoLocker is known as “ransomeware” and encrypts specific files on your computer (photographs, videos, documents, spreadsheets, etc.)  There is no way for you to break the encryption –and the hackers demand you pay a ransom of more than $300.00   If you don’t pay the fee before the 72 hour deadline, your files are completely unrecoverable.  

The trouble is – paying the fee to criminals doesn’t always mean they are going to give your files back.

To complicate matters – it may be 24 hours between when someone gets infected and the virus does its deed. Because of this, it is important that infected systems be identified as quickly as possible and remediated immediately.

Always practice common safety – never click a link from someone you don’t know, don’t visit untrusted websites or follow links provided by unknown/untrusted sources.   Since the owners of this particular virus spoof the email address of reputable companies (FedEx, UPS, Chase) be careful when opening unsolicited mail from well-known companies and don’t open attachments such as Zip or EXE files.

If you become infected with CryptoLocker, contact the Service Desk at (405) 521-2444 immediately. We’ll assist you through the remediation process.

 

Respectfully,
Daniel Hanttula
OMES Security

Sample Email Indicators:
Subject:            “Annual Form - Authorization to Use Privately Owned Vehicle on State Business”
Attachment:      Attachments follow the naming convention of “Form_[Varying Digits and Numbers].zip. For example: Form_nfcausa.org.zip, Form_20130810.exe, Form_f4f43454.com.zip.
Spoofed Sender: “fraud@aexp.com” “Dewayne@nfcausa.org”
Sender IP: 209.143.144.3
Sender Host: mail.netsential.com