A number of clients have informed us of Cryptolocker derivatives attacking their networks, so we urge all IT users to be diligent about IT security and to reiterate the following to all staff members who use IT:
DO NOT open attachments in emails from unknown sources.
DO NOT enable macros when opening documents, spreadsheets or PDFs unless the file is from a known contact whom you have spoken to on the phone to establish its validity.
Only browse trusted websites wherever possible.
DO NOT enable macros when requested within a web browser or website. If the site belongs to a business partner, please contact them for advice.
Maintain general awareness and suspicion of unsolicited email.
If you have any doubts about an email or an instruction on the screen, we suggest that you contact your IT department or your helpdesk.
The purpose of Cryptolocker is to encrypt files on local, USB and server network drives; an on-screen message then demands a fee (ransom) for the decryption key. The files are locked and cannot be accessed without the key. Should anyone have trouble opening a file that can usually be opened, or suspect that they are infected, please turn off the PC immediately and contact your internal IT department or your helpdesk.
New variants of ransomware are being launched every day and the security vendors are constantly battling to write code to protect end users. Despite being protected behind firewalls, anti-spam solutions and anti-virus products, these zero-day viruses* will cause business disruption if users allow them to deploy their payloads by opening files and enabling macros. Education is essential to reduce the risk, as is having good backups if you wish to avoid paying the ‘ransom’.
*A zero-day virus (also known as zero-day malware or next-generation malware) is a previously unknown computer virus or other malware for which specific antivirus software signatures are not yet available. Traditionally, antivirus software relies upon signatures to identify malware.