CryptoLocker...Beware!
From time to time the threat landscape changes in a way that persuades me to contact my clients and let them know that heightened awareness and caution are needed. This is one of those times.
I will start this advisory with advice that must be passed around as thoroughly as possible to computer users everywhere.
Do not respond in any way to an email that proposes anything that you were not very specifically looking for.
Never click a link in an email unless you asked for the link from someone you know, and they gave it to you directly.
If you receive a warning about a service that you use, go directly to the website of that service in the way you typically access it, such as using a bookmark or typing the address into the address bar of your web browser. If the message is valid, the warning will be on the site.
If you receive a warning about a service or account that you don’t know about or know that you do not have or use, disregard the email and delete it.
Read Internet search results carefully when searching online for information. Only navigate your web browser to domains that you know and trust.
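The advice above boils down to one check: before trusting a link, look at the host your browser would actually connect to, not the text that is displayed. The following Python script, added here as an illustration and not part of the original advisory, shows how that check works. It extracts the real hostname from each link in a message body and compares it against a trust list; the trust list and the sample message are constructed for the example and are not ABN's. It handles the common disguises the advice warns about: a trusted name placed before an "@" in the URL, a trusted name used as a subdomain of an untrusted one, raw IP addresses, and internationalised (punycode) hostnames.

```python
import re
from urllib.parse import urlsplit

# Constructed trust list for the example (assumption): the hosts a user
# normally reaches by bookmark or by typing them into the address bar.
TRUSTED_HOSTS = {"example-bank.com", "mail.example.com"}

# Matches http/https links as they typically appear in an email body.
LINK_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def link_host(url: str) -> str:
    """Return the lowercase hostname a browser would really connect to.

    urlsplit().hostname discards any 'user@' prefix and the port, so a link
    such as http://example-bank.com@evil.example/ resolves to evil.example.
    Non-web schemes (mailto:, javascript:, file:) return an empty string.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return ""
    return (parts.hostname or "").rstrip(".")


def is_trusted_host(host: str, trusted=TRUSTED_HOSTS) -> bool:
    """True only if host is a trusted domain or a subdomain of one."""
    if not host:
        return False
    # Punycode labels (xn--) can imitate a familiar name with look-alike
    # characters; treat them as untrusted rather than trying to decode them.
    if host.startswith("xn--") or ".xn--" in host:
        return False
    # A bare IP address is never one of the named services a user trusts.
    if IPV4_RE.fullmatch(host):
        return False
    for name in trusted:
        # Exact match, or a genuine subdomain (".example-bank.com" suffix).
        # "example-bank.com.evil.example" fails because the suffix differs.
        if host == name or host.endswith("." + name):
            return True
    return False


def classify_links(body: str):
    """Return (url, real_host, trusted) for every link found in body."""
    results = []
    for url in LINK_RE.findall(body):
        host = link_host(url)
        results.append((url, host, is_trusted_host(host)))
    return results


if __name__ == "__main__":
    # Constructed sample message for the example (not a real email).
    sample = (
        "Your account has been locked. Verify it here: "
        "http://example-bank.com@login-verify.example/reset\n"
        "Or visit our secure portal: https://example-bank.com.evil.example/\n"
        "Genuine support page: https://support.example-bank.com/help\n"
    )
    for url, host, ok in classify_links(sample):
        print(f"{'TRUSTED  ' if ok else 'UNTRUSTED'} {host:40s} {url}")
```

Run against the sample, only the last link is reported as trusted; the first two show how a trusted name can appear inside a link that actually leads elsewhere, which is exactly why the advisory recommends reaching a service by bookmark or typed address instead.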
A relatively new form of malware (malware being the general term for what most people call a “computer virus”) called CryptoLocker has been loose on the Internet for several weeks. It is a type of infection that we call “ransomware”, because the attackers have designed the program to deprive you of access to the data on your own computer, with the promise to restore your access once you pay them a certain amount of money. In the past, these types of attacks typically changed an attribute on your data files that made them invisible, but an experienced technician could easily restore access to the files after cleaning the infection off your computer.
Not so with CryptoLocker. The problem with CryptoLocker is that it encrypts all of your data files in a way that is not breakable by any means available outside of national security agencies. CryptoLocker starts this encryption and removal of your data files immediately after your computer is infected, and once it is complete, a message appears informing you that you have 72 hours and counting to pay $300 in Bitcoin or MoneyPak (untraceable payment methods). The screen contains a countdown timer that shows when your time is up, at which point the CryptoLocker servers delete the private key necessary to decrypt your data, and your data is lost.
If you see the window on your computer showing this message, it is very probably too late for ABN or anyone else to do anything about your data. The best thing to do is to shut down your computer by holding down the power button for five seconds, and then remove all network connections from the computer.
If your computer is connected to a network server sharing files, CryptoLocker will attempt to encrypt those files, and it will succeed if you have read/write access rights to them. Server data may be recovered from backup; however, most personal computer hard drives are not backed up. If an external backup drive is connected to your computer at the time of infection, CryptoLocker will encrypt the backup, making it unavailable to you; the same applies to any open Dropbox, Google Drive, SkyDrive, or Jungle Disk connections.
There is no guarantee that you will receive your data back if you pay the $300, because law enforcement agencies are chasing the key server locations and shutting them down if they find them, which has the effect of canceling any outstanding ransoms in the process and losing the data for those ransoms. In most cases, paying the ransom will unlock your data, because the attackers keeping their promise is what makes this threat so profitable.
Finally, because this threat has been so successful financially, it is likely that the number and type of threats similar to CryptoLocker will grow.
On an upbeat note, no clients of ABN have yet experienced this infection. We are doing our best to keep your antivirus software at current revisions and updates if you are relying on us for that service. At this time, this is the best effort that we can make, along with advisories like this one.