
 CryptoLocker

We at Group 4 Networks have been following news on a new type of malware,

In a short time, it has become common knowledge to avoid emails from UPS, FedEx, DHL, and any other shipping services, mostly because these emails include an attached zip file.

In the past couple of months, the severity of such emails from UPS, FedEx, and DHL has increased.


A new type of malware is propagating across the internet. This piece of malware is called “CryptoLocker”. CryptoLocker is actually ransomware, a type of malware that asks the user to pay, within a certain amount of time, to get their data back.

Once the email attachment has been opened, CryptoLocker starts to operate. The program begins encrypting files on the user’s local hard drive as well as on any mapped drives attached to the computer.

Only certain file types are encrypted, such as documents, pictures, and some other proprietary formats.

Due to the nature of how CryptoLocker operates and how encryption works, once the process starts, decrypting the files is a very complex procedure.

Please ensure you do not open any zip files from untrusted sources. You should also double-check with trusted sources whether the emails are legitimate.
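One way to apply this advice at a mailbox or mail gateway, as an added example that is not part of the original article: the script flags messages that name one of the shipping services mentioned above and carry a zip attachment, and lists the archive's members without extracting them. The function names, the list of runnable extensions and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Shipping brands named in the article.
BRAND_RE = re.compile(r"\b(ups|fedex|dhl)\b", re.IGNORECASE)
# Assumption (not from the article): member extensions Windows runs, not displays.
RUNNABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def triage(raw: bytes) -> dict:
    """Inspect one raw email; archives are listed, never extracted or run."""
    msg = message_from_bytes(raw, policy=policy.default)
    headers = f"{msg.get('From', '')} {msg.get('Subject', '')}"
    result = {"claims_shipping_brand": bool(BRAND_RE.search(headers)),
              "zip_attachments": [], "runnable_members": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Check the zip signature too, so a renamed archive is still caught.
        if not (name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04"):
            continue
        result["zip_attachments"].append(name)
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()  # reads the central directory only
        except zipfile.BadZipFile:
            members = []
        result["runnable_members"] += [
            m for m in members if m.lower().endswith(RUNNABLE_EXTS)]
    result["hold_for_review"] = (result["claims_shipping_brand"]
                                 and bool(result["zip_attachments"]))
    return result


def build_sample() -> bytes:
    """Constructed message: the zip holds harmless text, not a program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Label_2013.pdf.exe", "placeholder text")
    msg = EmailMessage()
    msg["From"] = "UPS Delivery <tracking@example.test>"
    msg["Subject"] = "Your parcel could not be delivered"
    msg.set_content("See the attached label.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Label.zip")
    return msg.as_bytes()
```

Calling `triage(build_sample())` returns the findings for the constructed message; a held message still needs the sender confirmed through a trusted channel before anyone opens the attachment.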

The image below depicts what the virus’s screen looks like once the virus has been launched on a computer.


How the CryptoLocker screen looks

For more information on CryptoLocker, please visit the links below:

http://www.us-cert.gov/ncas/alerts/TA13-309A

https://threatpost.com/forensics-method-quickly-identifies-cryptolocker-encrypted-files/103049

If you have any concerns or would like more information, please contact the Group 4 Networks team.