
Author Topic: Cryptolocker Attacks - IMPORTANT ADVICE  (Read 1425 times)

Jake_Savage

  • Forum member
  • Posts: 165
Cryptolocker Attacks - IMPORTANT ADVICE
« on: June 12, 2014, 07:57:34 »

N.B. This advice is centred on citizens of the UK but is equally relevant all over the world!

There is a real threat that a new Cryptolocker virus is soon to reach our shores. The details are highlighted below and whilst it is lengthy it does explain what Crypto Locker is. I will also republish the attached on Horizon. Could you help to inform staff in order to protect them, our systems and their own personal systems?
 
The golden rule is:
Never open a Zipped attachment if you are not expecting it or do not know who it has been sent by. IT are taking measures to prevent these messages getting through, but this may mean that genuine messages are held as suspect. If you are expecting a message with a zip file attached, you will receive an email asking you to verify the message before it is delivered to you. If the message has a password-protected ZIP file attached, staff will need to call the IT service desk to have the message released if it is a legitimate message.
 
What is Cryptolocker?
CryptoLocker is a ransomware trojan which targets computers. A CryptoLocker attack may come from various sources; one such is disguised as a legitimate email attachment. When activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers. The malware then displays a message which offers to decrypt the data if a payment (through either Bitcoin or a pre-paid voucher) is made by a stated deadline, and threatens to delete the private key if the deadline passes. If the deadline is not met, the malware offers to decrypt data via an online service provided by the malware's operators, for a significantly higher price in Bitcoin.

CryptoLocker typically propagates as an attachment to a seemingly innocuous e-mail message, which appears to have been sent by a legitimate company. A ZIP file attached to an email message contains an executable file with the filename and the icon disguised as a PDF file. Once opened, the payload then encrypts files across local hard drives and mapped network drives with the public key, and logs each file encrypted. The payload displays a message informing the user that files have been encrypted, and demands a payment of 400 USD or Euro through an anonymous pre-paid cash voucher (i.e. MoneyPak or Ukash), or an equivalent amount in Bitcoin (BTC) within 72 or 100 hours, or else the private key on the server would be destroyed, and "nobody and never will be able to restore files". Payment of the ransom supposedly allows the user to download the decryption program, which is pre-loaded with the user's private key. Some infected victims claim that they paid the attackers but their files were not decrypted.

This is an email from my dad's workplace, so it is a reliable source.
Thanks for Reading - Take Care!

Jake
Logged
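
The attachment pattern described in the email above (a ZIP holding an executable dressed up as a PDF, plus the password-protected ZIPs that IT holds for manual release) can be checked mechanically at a mail gateway. This is an added example, not part of the original posts; the extension lists, function names and sample file names are assumptions constructed for illustration:

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will run directly (a common subset, not exhaustive; assumption).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document types an executable is typically dressed up as (assumption).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def inspect_zip_attachment(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) findings for one ZIP attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Bit 0 of the general-purpose flags marks an encrypted entry,
            # i.e. a password-protected ZIP that a gateway cannot scan.
            if info.flag_bits & 0x1:
                findings.append((info.filename, "encrypted entry: hold for manual release"))
            # Padding spaces before the real extension are stripped before comparing.
            suffixes = [s.strip().lower() for s in PurePosixPath(info.filename).suffixes]
            if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
                if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
                    reason = "executable disguised with a document extension"
                else:
                    reason = "executable inside ZIP"
                findings.append((info.filename, reason))
    return findings


def build_sample_zip(names: list[str]) -> bytes:
    """Constructed sample: a ZIP of harmless one-byte files with the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"x")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["Invoice_2014.pdf.exe", "readme.txt", "setup.exe"])
    for name, reason in inspect_zip_attachment(sample):
        print(f"{name}: {reason}")
```

The check only reads the archive's directory listing, so nothing inside the attachment is extracted or executed.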

Mr Robville

  • Administrator
  • Posts: 2930
Re: Cryptolocker Attacks - IMPORTANT ADVICE
« Reply #1 on: June 12, 2014, 10:42:49 »

These emails do indeed exist. And a lot of them in fact.
I receive about 5-10 every week. Luckily they are always so random and unrelated that they stand out from real emails, but an unaware person might accidentally open one of those files. So yeah, the golden rule is to delete it if you are not expecting it, and even if you are expecting it, see if the email is in any way related to your business and contact (e.g. all of these emails open with "Dear sir" or "Dear <your domain name copied and pasted>" instead of calling you by your name). If real sensitive information is being sent, the sender will know who the recipient is.
Logged