The National Cyber Awareness System has posted a very serious warning about a malware campaign that will render your files inaccessible if your systems become infected by it.
Systems affected: Microsoft Windows systems running the Windows 7, Vista, and XP operating systems.
Infected systems will have their files encrypted, and a ransom will have to be paid to obtain decryption methods. This may sound like an Agent 007 installment, but it is not – I’m not James Bond and this is not a practical joke. Ransomware infections have significantly increased over the past few years – CryptoLocker is a new variant of ransomware that restricts access to infected computers and demands that the victim provide a payment to the attackers in order to decrypt and recover their files. As of this time, the primary means of infection appears to be phishing emails containing malicious attachments.
CryptoLocker appears to have been spreading through fake emails designed to mimic the look of legitimate businesses and through phony FedEx and UPS tracking notices. You should, however, pay attention to all emails you receive and not click on any links or attachments unless you are expecting them.
The malware has the ability to find and encrypt files located within your PC, servers, network storage, USB drives and also some cloud storage solutions.
If you are a victim, please contact the Internet Crime Complaint Center (IC3).
The solution is prevention. The US Computer Emergency Response Team recommends the following:
- Do not follow unsolicited web links in email messages or submit any information to webpages in links
- Use caution when opening email attachments. Refer to the Security Tip Using Caution with Email Attachments for more information on safely handling email attachments
- Maintain up-to-date anti-virus software
- Perform regular backups of all systems to limit the impact of data and/or system loss
- Apply changes to your Intrusion Detection/Prevention Systems and Firewalls to detect any known malicious activity
- Secure open-share drives by only allowing connections from authorized users
- Keep your operating system and software up-to-date with the latest patches
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams
- Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks
US-CERT recommends the following mitigation if you are infected:
US-CERT suggests the following possible mitigation steps that users and administrators can implement, if you believe your computer has been infected with CryptoLocker malware:
- Immediately disconnect the infected system from the wireless or wired network. This may prevent the malware from further encrypting any more files on the network
- Users who are infected should change all passwords AFTER removing the malware from their system
- Users who are infected with the malware should consult with a reputable security expert to assist in removing the malware, or users can retrieve encrypted files by the following methods:
  - Restore from backup,
  - Restore from a shadow copy, or
  - Perform a system restore.