We first mentioned the Cryptolocker virus through social media channels and email communications to our customers about a month ago. If you missed that communication, you should know that this virus is known as ransomware and (currently) spreads when a user clicks on a link in an infected email or webpage. Once the virus runs, it encrypts the contents of your hard drive and any network drives that may be connected (such as file servers), making your files unusable. The virus writer holds your files ransom for a fee and, assuming you pay, will give you the decryption key to get your files back (although there is no evidence that this actually works consistently).
I actually received an infected email (see below) yesterday. I very nearly clicked on this because we have a voicemail to email function and I assumed it was legitimate. Only after I looked at the to/from and the attachment itself (it was a .zip file – our voicemails come as .wav files), did I realize this was a virus. Regardless – had I not been careful, I would have infected my machine and perhaps my entire company.
Here is a screenshot of the email I received – it looks very legitimate.
Please remind your staff to be extra diligent about what they click. If there is any doubt – do not click attachments. Pay attention to the file type (for example, most voicemails would not come through as .zip files).
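The same to/from and file-type check can be automated at the mail gateway or in a triage script. The following is an added example, not part of the original post: it assumes a voicemail system that only sends .wav files from a known domain (`corp.example` here is a placeholder), and the sample messages are constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

ALLOWED_EXTS = {".wav"}  # assumption: the voicemail system only ever sends .wav
MAGIC = {b"RIFF": ".wav", b"PK\x03\x04": ".zip", b"MZ": ".exe"}  # leading bytes -> real type

def sniff(data: bytes) -> str:
    """Return the type implied by the file's leading bytes, or '' if unknown."""
    return next((ext for magic, ext in MAGIC.items() if data.startswith(magic)), "")

def check_voicemail(raw: bytes, trusted_domain: str) -> list[str]:
    """Return a list of reasons this 'voicemail' message should not be opened."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    sender = msg["From"].addresses if msg["From"] else ()
    if not sender or sender[0].domain.lower() != trusted_domain:
        findings.append("sender is not the voicemail system")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        real = sniff(part.get_payload(decode=True) or b"")
        if ext not in ALLOWED_EXTS:
            findings.append(f"{name}: unexpected attachment type {ext or '(none)'}")
        elif real != ext:
            # The name looks right but the content does not match it.
            findings.append(f"{name}: named {ext} but content is {real or 'unknown'}")
    return findings

def sample(sender: str, filename: str, data: bytes) -> bytes:
    """Build a constructed test message (not a real capture)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@corp.example", "Voice Message"
    msg.set_content("You have a new voice message.")
    msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()

WAV = b"RIFF\x24\x00\x00\x00WAVEfmt "   # constructed WAV header
ZIP = b"PK\x03\x04\x14\x00\x00\x00"      # constructed ZIP local-file header

if __name__ == "__main__":
    for s, f, d in [("vm@corp.example", "msg0001.wav", WAV),
                    ("vm@mail-relay.example", "VoiceMessage.zip", ZIP),
                    ("vm@corp.example", "msg0002.wav", ZIP)]:
        print(f, check_voicemail(sample(s, f, d), "corp.example"))
```

The From header is set by whoever sends the message, so treat a matching sender domain as a weak signal and rely on the attachment checks.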
We also encourage you to review your on-premises or cloud-based drives that are mapped to local devices as drives. This is very common with Line of Business applications and not something that can be avoided. If you have to map drives to local PCs, you should review to what extent those files and folders should be shared and limit it as much as possible. If there isn’t a business case to have a drive connected – we strongly encourage you to disconnect those drives.