Cryptolocker Ransomware: What You Need To Know

A new threat called Cryptolocker Ransomware is doing the rounds on the internet. It is spread via email attachments.

Please spend the time to read all of this email as the information contained is for your benefit.

This Ransomware is particularly nasty because infected users are in danger of losing their personal files forever. Even their backups can be destroyed.



How it works

If a user receives the Ransomware as an email attachment and runs the attachment, they could harm their system.

Their personal files are encrypted, and the only way to decrypt them is to pay a ransom of $300.

Let me repeat, even your backups can be destroyed.


What you need to do

Luckily, we haven’t yet had a customer get infected and lose their files, but this threat is rapidly spreading throughout the USA and will soon be prominent here in Australia.

Please do the following:

1) Don’t open ANY email attachments received in your email no matter who they are from. Delete any that are random, unexpected or suspicious.

2) If you think the file is genuine, save the attachment to your desktop instead of opening it. Right click the attachment in your email to access the save option.

3) Now minimise your email application, locate the file you just saved on the desktop, then right click the file and choose “Scan with Managed Antivirus”.

4) Don’t install any pirated software or download illegal music and movies as the threat can be hidden inside.



What is Warringah IT doing to help stop this?

1) Firstly, we are letting you know about this particularly nasty threat.

2) For those of you on our Managed Services system, we have been busy pushing out updates to your computers.

3) We have told computers to restart to allow updates to complete correctly. If you have noticed messages saying that your IT support has initiated a restart, don’t be alarmed, that is us.

4) We have increased the scope of time and frequency of quick scans and full scans on your computers.

Why are they doing this?

Simple answer. Money. There are scams everywhere in today’s life. This is just another one.

What else can you do?


1) Check your anti-virus.

For customers with our Managed Services system, in the system tray (near the clock) right click the blue (or green if it’s running a scan) icon called Managed Antivirus, then choose Open Managed Antivirus.

Now check the updates section to make sure it says “Current”. If it doesn’t say Current you can ask it to perform an update.

2) Patch your applications.

Open your web browser and go to www.ninite.com
Ninite is a tremendously useful utility to automatically update your applications.

Once you are at the website you will see a list of applications that you can install on your computer.

Choose the following:

Web Browsers – Chrome, Firefox
Messaging – Skype
Media – iTunes, QuickTime
Runtimes – Java, .NET, Silverlight, Air, Shockwave
Documents – Reader, Foxit Reader, CutePDF
Security – Malwarebytes
Developer Tools – FileZilla, Notepad++, WinSCP, PuTTY
Other – Google Earth
Compression – 7-Zip

Click Get Installer. Save the file to your desktop. Now close every open program on your computer. Go to your desktop, locate the file you just downloaded, double click it to start the update process.

Sit back and let it get to work.

3) Learn about the file system.

By default, your computer doesn’t display file extensions. Virus writers know this, so they simply name the file “attachment.PDF.EXE”, but on your computer it displays as “attachment.PDF” (hiding the EXE).

This may give you the false confidence that the file is OK to open.

Zip files are another method they use to get people to infect their computers. Firstly, you receive an email with an attachment with a name like attachment.ZIP. A user double-clicks this file, which opens the program used to extract files from inside the ZIP file.

Inside the ZIP file is another file like “attachment.PDF.EXE”, but on your computer it simply displays as “attachment.PDF” (hiding the EXE).

This may give you the false confidence that the file is OK to open.

EXE files are dangerous. EXE means executable, meaning when you click on it, it executes commands on your computer.
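
The same double-extension check can be automated on the defender's side, for example before attachments reach users. The Python below is an added example, not part of the original email or of any Warringah IT tooling; the extension lists and function names are assumptions chosen for illustration, and the sample ZIP is constructed in memory with harmless contents.

```python
import io
import zipfile

# Extensions Windows runs on double-click (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
# Document-style extensions used as the visible "decoy" part (assumed list).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def displayed_name(filename):
    """Name Explorer shows while 'Hide extensions for known file types' is on."""
    base, dot, _ext = filename.rpartition(".")
    return base if dot and base else filename


def is_deceptive(filename):
    """True for names like 'attachment.PDF.EXE': decoy extension, then executable."""
    parts = filename.lower().split(".")
    return (len(parts) >= 3
            and parts[-1] in EXECUTABLE_EXTS
            and parts[-2] in DECOY_EXTS)


def scan_attachment(name, data):
    """Return deceptive names found in one attachment, looking inside ZIP files."""
    hits = [name] if is_deceptive(name) else []
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                # Check only the file name, not the folder path inside the ZIP.
                leaf = member.replace("\\", "/").rsplit("/", 1)[-1]
                if is_deceptive(leaf):
                    hits.append(f"{name}!{member}")
    return hits


def build_sample_zip():
    """Constructed sample: a ZIP whose members are plain text, one with a lure name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("attachment.PDF.EXE", b"harmless placeholder, not a program")
        zf.writestr("readme.txt", b"harmless")
    return buf.getvalue()


if __name__ == "__main__":
    print(displayed_name("attachment.PDF.EXE"))
    print(scan_attachment("attachment.ZIP", build_sample_zip()))
```

A name-based check like this only catches the naming trick described above; it does not replace the antivirus scan.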

4) Unhide file extensions.


This is an important step. Just doing the step below will go a long way to stopping you from running something you shouldn’t.

When we set up a computer, we like to show file extensions. This helps educate users to understand more about their computer and file extensions.

To show file name extensions in Windows Explorer, follow these steps:


For Windows Vista, Windows 7

Start Windows Explorer, you can do this by opening up any folder.
Click Organize.
Click Folder and search options.
Click the View tab.
Scroll down until you notice Hide extensions for known file types, un-check this line by clicking the check box.
Click OK

For Windows XP

Start Windows Explorer, you can do this by opening up any folder.
Click Tools, and then click Folder Options.
Scroll down and then click Folder and search options.
Click the View tab.
Scroll down until you notice Hide extensions for known file types, un-check this line by clicking the check box.
Click OK

What to do if you get this Ransomware?

Turn off your computer straight away.
Don’t try to solve it yourself as you will allow the threat to run and encrypt your files.
Don’t pay the ransom.
Don’t ignore it, it will not go away. It will encrypt your files AND your backup, meaning there is little chance of getting any of your personal files back.
