Virus Alert - Ransom Cryptolocker Variant

Some of you may be aware of the latest strain of Ransomware Trojans, Cryptolocker (a.k.a. Ransomcrypt). Cryptolocker encrypts and locks individual files and then prompts the user to purchase a password to decrypt them. There is no way to retrieve the locked files without the attacker's private key.

How do you know if you have been affected by Cryptolocker?

You will be presented with a ransom demand and will no longer be able to use your computer. The demand could look similar to the picture to the right.

How do you get infected?

Victims receive email messages with attachments or links to download documents. In some cases the messages appear to come from familiar companies. We recently received a suspicious email at TAB. The email looked like it was coming from our eFax service. It seemed odd that it called for the recipient to download the message from Dropbox. This was a scam, and a variant of the Ransom Cryptolocker.

What happens if the zip file is opened or downloaded?

If the attachment is opened or the link is clicked, an executable file is downloaded. This executable file will eventually download and install Trojan.Cryptolocker onto the computer. Once Cryptolocker is installed, it downloads the public key that is used to encrypt the files on the computer. This key is located on the cyber criminal's server. The encrypted files cannot be used without access to the cyber criminal's server.

How can you protect yourself?

  • Never open, download, or click on a link or attachment in an email that is unfamiliar to you.
  • DO NOT PAY - There is no assurance that you will receive the decoder key.
  • Call TAB.
  • Install our PatrolDOG Web and Email Defense service. This service strips malicious code from emails and stops users from going to websites with malicious code.

Please contact us if you have any questions.

Thank you,

TAB Computer Systems, Inc.