Brendan McGowan, Chief Technical Officer | Safe Systems

There is a new malware threat called CryptoLocker that all of your financial institution’s users and clients need to be aware of. This specific threat is a reminder not to open email attachments that are unexpected or that do not come from a trusted sender. Here’s a detailed description of what we’ve learned about the malware since identifying it:

What does CryptoLocker do?
CryptoLocker is a class of malware called ransomware. It encrypts your personal files until you pay a ransom to get them decrypted. The ransom is currently $300. It not only encrypts personal data on the computer, but can also encrypt shared data on your server that is visible through a mapped drive letter.

How do I get infected with CryptoLocker?
There are multiple ways to get infected. Most infections have come from an infected email attachment. The email appears to come from shipping companies or credit card companies, or is a fake scanner or voicemail notification, and it carries a zip file attachment containing infected executables. The confusing part is that the infected executables are sometimes given a PDF icon so that they look like documents. There have also been reports of infections from botnets and drive-by downloads.

Won’t my email filter or antivirus program prevent any infection?
In most cases, existing filters are effectively blocking the infection, but the virus is evolving rapidly. No filter is 100% effective. As usual, the best defense is a well-educated user.
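The two sections above describe the delivery vector (a zip attachment holding an executable dressed up as a document) and the role of the email filter. The following script is an added illustration of the kind of check a filter can apply to an inbound zip attachment; it is not Safe Systems code and not part of SafeSysMail. It flags members by executable extension, by a document-looking double extension such as `invoice.pdf.exe`, and by the `MZ` magic bytes that every Windows executable starts with. The last check matters because a PDF icon is stored inside the executable's resources, so the file is still a PE file and still begins with `MZ` no matter what it is named. The extension list and the sample zip are constructed assumptions for the demonstration.

```python
import io
import posixpath
import zipfile

# Assumption: a short block list of extensions Windows will run directly (not exhaustive).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Assumption: document extensions that attackers commonly place before a real executable suffix.
DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt"}
MZ_MAGIC = b"MZ"  # DOS/PE header signature present in every Windows executable


def suspicious_members(zip_bytes: bytes) -> list[dict]:
    """Return a finding per zip member that looks like an executable.

    Each finding is {"name": <member path>, "reasons": [<why it was flagged>, ...]}.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = posixpath.basename(info.filename.lower())
            reasons = []

            # 1. Final extension is one Windows will execute.
            if any(base.endswith(ext) for ext in EXECUTABLE_EXTENSIONS):
                reasons.append("executable extension")

            # 2. Double extension: a document suffix hiding in front of the real one.
            parts = base.rsplit(".", 2)
            if len(parts) == 3 and parts[1] in DOCUMENT_EXTENSIONS:
                reasons.append("double extension")

            # 3. Content check: PE header regardless of name or icon.
            with zf.open(info) as member:
                if member.read(2) == MZ_MAGIC:
                    reasons.append("PE header (MZ)")

            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings


def should_quarantine(zip_bytes: bytes) -> bool:
    """A filter would hold the whole message if any member is flagged."""
    return bool(suspicious_members(zip_bytes))


def build_sample_zip() -> bytes:
    """Constructed sample attachment: two benign files and two disguised executables."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4\n% benign stub\n")        # real document stub
        zf.writestr("invoice.pdf.exe", MZ_MAGIC + b"\x00" * 62)         # double extension + PE
        zf.writestr("report.pdf", MZ_MAGIC + b"\x00" * 62)              # renamed PE, caught by header only
        zf.writestr("notes.txt", b"plain text, nothing to see\n")       # benign
    return buf.getvalue()


if __name__ == "__main__":
    for finding in suspicious_members(build_sample_zip()):
        print(finding["name"], "->", ", ".join(finding["reasons"]))
    print("quarantine:", should_quarantine(build_sample_zip()))
```

Of the four members, `invoice.pdf.exe` trips all three checks and `report.pdf` trips only the header check, which is the point: name-based rules alone would have let the renamed executable through. In a real filter this logic would run on every attachment before delivery, and the finding list would go to the quarantine log so the security team can see what was blocked.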

Have any Safe Systems customers been infected?
No. This threat has not appeared on any customer network at this point. The email filters for SafeSysMail have successfully blocked infected emails from being delivered. The NetComply managed antivirus service has also successfully blocked infections. However, this threat is evolving rapidly. We are proactively notifying our customers to help prevent infection.

What should I do if I get infected?
Apart from paying the ransom, the current best solution is to restore data from a backup. If you think you have been infected, do not move or delete any data.
