Thursday, October 1, 2015

New Variant of Old Virus Targets All



A new variant of the virus 'CryptoLocker' has been detected and is now loose on the internet, waiting to attack your data.
This is an extremely dangerous and damaging virus: it will encrypt your data, and there is NO KNOWN way to decrypt the data. This virus has the potential to cripple your ability to access your data forever. It effectively locks your data in a safe, and unless you pay the ransom you will be locked out.
The virus will encrypt data on your local computer, USB devices and network shares, and replicate itself to your cloud storage. It operates in stealth mode and will announce its presence only when the damage is done. The virus is now known to be in the hands of criminals, and it is anticipated that it will be modified to target specific groups.
We are therefore advising all computer users to take the following precautions:
  • Do NOT rely on your anti-virus to protect you from this virus. A solid proactive approach should be taken with this threat.
  • Ensure that backup devices are NOT left attached to computers or networks and are only connected on the designated backup days.
  • If the device is a network-based device, it should be turned off except during the backup time frames.
  • If the backup schedule is on a daily basis, the device should be connected at least one hour prior to the backup and removed the next day.
  • We recommend the two-copy rule on all data and are advising you NOT to rely on cloud storage copies of data, which can, without your knowledge, replicate the encrypted data and overwrite your cloud storage data.
  • Be aware that non-Windows devices (tablets, smartphones, iPhones) can download the virus to your data, and it can later be triggered if a Windows machine accesses your data and comes across the infected file.
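The backup and cloud-copy precautions above can be backed by a check that runs before a backup or sync is allowed to overwrite the last good copy. The following is an added example, not part of the original advisory: the function names, thresholds and sample data are assumptions chosen for illustration.

```python
import hashlib
import math
import os
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 looks like random data)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def manifest(files: dict) -> dict:
    """Map each file name to the SHA-256 of its content, recorded at backup time."""
    return {name: hashlib.sha256(body).hexdigest() for name, body in files.items()}

def backup_guard(previous: dict, current: dict, max_suspect=0.25, min_entropy=7.0):
    """Return (ok, suspects). ok is False when too many previously backed-up
    files are now missing or have changed into high-entropy content."""
    suspects = []
    for name, old_hash in previous.items():
        body = current.get(name)
        if body is None:
            suspects.append(name)  # gone or renamed since the last backup
        elif hashlib.sha256(body).hexdigest() != old_hash and entropy(body) >= min_entropy:
            suspects.append(name)  # changed and now looks like ciphertext
    ratio = len(suspects) / len(previous) if previous else 0.0
    return ratio <= max_suspect, sorted(suspects)

# Constructed sample data: four small documents as they looked at the last backup.
LAST_GOOD = {f"doc{i}.txt": (f"quarterly report {i}\n" * 200).encode() for i in range(4)}
# Constructed normal day: one document edited by its owner.
NORMAL = dict(LAST_GOOD, **{"doc0.txt": b"quarterly report 0, revised\n" * 200})
# Constructed stand-in for encrypted files: random bytes replace three documents.
DAMAGED = dict(LAST_GOOD, **{f"doc{i}.txt": os.urandom(4096) for i in range(3)})

if __name__ == "__main__":
    baseline = manifest(LAST_GOOD)
    print(backup_guard(baseline, NORMAL))   # backup may proceed
    print(backup_guard(baseline, DAMAGED))  # backup blocked, suspects listed
```

Already-compressed formats (ZIP, JPEG, most office documents) also score high on entropy, which is why the guard acts on the share of files affected rather than on any single file.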
Some additional details on the crypto virus are:
CryptoLocker targets computers running Microsoft Windows and runs only on Windows computers.
CryptoLocker is known to spread via infected email attachments, but it is likely that it can also be found on booby-trapped websites.
The malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers.
After encrypting your data, the malware demands a payment via Bitcoin or a pre-paid cash voucher by a stated deadline, and threatens to delete the private key if the deadline passes. If the deadline is not met, the malware offers to decrypt data for a significantly higher price in Bitcoin.
Files are encrypted in a way which researchers considered infeasible to break.