Cryptolocker virus

The IT industry has seen a surge in ransomware: malware that encrypts a victim's files and demands payment for the key, the most notable examples being the Cryptolocker and Cryptowall families. The purpose of this notification is to help our clients, and to educate you and your staff, so that an infection does not take hold within your network. We will first provide some background on what Cryptolocker actually is.

Cryptolocker is a form of Trojan horse (strictly speaking ransomware rather than a virus, since it does not spread by itself): it arrives disguised as a legitimate file, typically an email attachment, and once run it encrypts the files on the infected PC and on any mapped network drives it can write to. It uses RSA public-key cryptography (http://en.wikipedia.org/wiki/Public-key_cryptography): each file is encrypted with a symmetric key, and that key is in turn encrypted with an RSA public key whose matching private key is held only by the criminals, so the encrypted files are inaccessible and, for practical purposes, corrupt. To get the files back, the Cryptolocker virus demands a ransom from the user, which can cost upwards of $3000 USD, in exchange for which the creator supplies a decryption key and program.

Paying the ransom has yielded results for some victims in the past, but it is not a guaranteed way of recovering your data. The victim should weigh the value of the lost data against the ransom; sometimes it is better to write the data off and re-install the system from backup.

Recovery without the decryption key and program should be treated as impossible: recovering a 2048-bit RSA private key by brute force is computationally infeasible. Restoring from a backup that the malware could not reach (offline, or not writable from the infected account) is the only reliable way back.

Prevention is the best cure in the case of this infection. We recommend a UTM (Watchguard device) in place along with antivirus, but these only reduce the risk; not opening the attachment is the only guarantee of not getting infected. Keep regular backups that are not permanently connected to the network, and give staff accounts write access only to the shares they need, so that a single infected PC cannot encrypt everything.

Please notify all staff members and contacts not to click on suspicious attachments to emails, or on links that take you to external websites. This particular email may claim to be from the ATO, Australia Post or any other reputable organisation, and the sender name and link are designed to look genuine. If in doubt, please contact your ICT company to verify its validity before opening anything.

An example of the email is included below. I have removed the link that you would normally click on, but it will give you an understanding of the form this lure takes.

In a worst case scenario this can infect a server or multiple servers, which in turn can mean countless hours of work getting data back to how it was prior to the infection.

Email Example*************************

 

Hello Sir/Madam,

Notification: [35524-39158610]

Status: In progress...

Information

The parcel was not delivered to your address on September 12, 2014, because nobody was at home. Please check the information about your parcel, print it and go to the post office to receive your package.

Your tracking information

Important!

If you don't receive a package within 30 working days Australia Post will charge you for the Parcel Holding Service. You can find any information about Rates & Prices of Parcel Holding Service at the nearest post office.

 

End Example****************************
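As a practical follow-up to the advice above about verifying a message before opening anything, here is an added example (not part of the original notice, and not a vendor product) that runs a few mechanical checks over a constructed copy of the lure shown above. The sender address, the link target, the attachment name and the BRAND_DOMAINS table are assumptions made for the demonstration; the script uses only the Python standard library.

```python
"""Triage a suspicious 'parcel notification' email for ransomware-lure indicators.

Added example, not a tool from the original notice. The message below is
constructed for the demonstration: the sender address, link target and
attachment name are hypothetical, and so is the BRAND_DOMAINS table.
"""
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the Australia Post lure in the notice, with a
# made-up sender domain, a link to a made-up third-party site and a ZIP
# attachment (real lures carried an executable inside such a ZIP).
SAMPLE_EML = b"""\
From: "Australia Post" <notification@parcel-tracking-update.example>
To: staff@example.com.au
Subject: Notification: [35524-39158610]
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>The parcel was not delivered to your address on September 12, 2014,
because nobody was at home. Please check the information about your parcel.</p>
<p><a href="http://compromised-blog.example/wp-content/track.php?id=35524">Your tracking information</a></p>
<p>If you don't receive a package within 30 working days Australia Post will
charge you for the Parcel Holding Service.</p>
</body></html>
--b1
Content-Type: application/zip; name="Parcel_35524.zip"
Content-Disposition: attachment; filename="Parcel_35524.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

# Organisations commonly impersonated and the domains they really send from.
# A starting point to maintain for your own environment, not an exhaustive list.
BRAND_DOMAINS = {
    "australia post": {"auspost.com.au"},
    "ato": {"ato.gov.au"},
}

# Attachment types that should never arrive unannounced from a courier or tax office.
RISKY_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar", ".zip", ".rar")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude 'site' name: last two labels, or three for names like foo.com.au.
    A production tool would consult the Public Suffix List instead."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in {"com", "gov", "net", "org", "edu", "co"}:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def triage(raw):
    """Return a list of human-readable indicators found in a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    sender = email.utils.parseaddr(str(msg["From"] or ""))[1]
    sender_domain = registrable(sender.rsplit("@", 1)[-1]) if "@" in sender else ""

    html = ""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html += part.get_content()
        name = part.get_filename()
        if name:
            if name.lower().endswith(RISKY_EXT):
                findings.append(f"attachment of a risky type: {name}")
            if len(re.findall(r"\.[a-z0-9]{2,4}", name.lower())) >= 2:
                findings.append(f"double extension (e.g. .pdf.exe): {name}")

    # Brand impersonation: the body or display name names an organisation
    # whose real sending domain does not match the From address.
    text = re.sub(r"<[^>]+>", " ", html).lower() + " " + str(msg["From"] or "").lower()
    for brand, domains in BRAND_DOMAINS.items():
        if re.search(r"\b" + re.escape(brand) + r"\b", text) and sender_domain not in domains:
            findings.append(f"claims to be '{brand}' but was sent from '{sender_domain}'")

    # Links whose destination belongs to neither the sender nor the claimed brand.
    collector = LinkCollector()
    collector.feed(html)
    known = {sender_domain} | set().union(*BRAND_DOMAINS.values())
    for href, visible in collector.links:
        host = urlsplit(href).hostname or ""
        if host and registrable(host) not in known:
            findings.append(f"'{visible}' links to an unrelated site: {registrable(host)}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EML):
        print("-", finding)
```

Run against the constructed sample, the script reports three indicators: a ZIP attachment, a message that claims to be from Australia Post but was sent from an unrelated domain, and a "tracking" link pointing at a third site. Note what it cannot catch: a lure sent from a genuinely compromised mailbox at the impersonated organisation passes the domain check, so checks like these support, rather than replace, the rule of asking before you click.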