CryptoLocker Trojan

Important Information for all Windows users - October 2013

A new Trojan is being found on many sites with a VERY destructive payload.

The "CryptoLocker" Trojan encrypts all documents, photos and email on the infected PC and on any remote drives (on a file server, for example) that it can access, and demands a ransom payment of $300 to decrypt the files.

Even if the ransom payment is made, the files may not be recovered.

For detailed information, see the Sophos AV web site.


What you need to KNOW:

The Trojan appears to be spread by two main methods at present:

  1. Email - The Trojan typically arrives in a .ZIP attachment as a fake photo with a double file extension such as "20131101_121030.jpg.exe". Many systems hide the .exe extension, so the file looks like a harmless image. If the file is opened, the Trojan runs silently until it has encrypted every document it can access.
  2. Malware - Systems with existing malware are being remotely instructed to download and run the CryptoLocker Trojan with no user input at all.

The encryption being used CANNOT be undone by any known means at present - apart from paying the ransom, and even then the files may not be decrypted.
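The double-extension trick described above works because Windows, by default, hides the extension of known file types, so "20131101_121030.jpg.exe" is displayed as "20131101_121030.jpg". The following script is an added example, not part of the original notice, showing how a mail gateway or helpdesk tool could flag such attachments without extracting them. The extension lists and the sample archive are assumptions constructed for the example; the archive contains placeholder bytes, not real malware.

```python
import io
import zipfile
from typing import List

# Extensions Windows will execute directly when double-clicked (assumed list for this example).
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}

# Extensions a user expects on harmless photos, documents and saved email (assumed list).
DECOY_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx",
                    "xls", "xlsx", "txt", "eml", "msg"}


def base_name(path: str) -> str:
    """Strip any directory part, accepting both / and \\ separators as found in archives."""
    return path.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]


def displayed_name(filename: str) -> str:
    """What Explorer shows when 'Hide extensions for known file types' is on.

    Only the last extension is hidden, so 'photo.jpg.exe' is shown as 'photo.jpg'.
    """
    name = base_name(filename)
    stem, sep, ext = name.rpartition(".")
    if sep and ext.lower() in EXECUTABLE_EXTENSIONS | DECOY_EXTENSIONS:
        return stem
    return name


def is_disguised_executable(filename: str) -> bool:
    """True when the real (last) extension is executable and the visible one is a decoy."""
    parts = base_name(filename).lower().split(".")
    if len(parts) < 3:
        return False  # a single extension hides nothing behind it
    real_ext, decoy_ext = parts[-1], parts[-2]
    return real_ext in EXECUTABLE_EXTENSIONS and decoy_ext in DECOY_EXTENSIONS


def classify(filename: str) -> str:
    """'disguised' for the double-extension trick, 'executable' for any other runnable file, else 'ok'."""
    if is_disguised_executable(filename):
        return "disguised"
    ext = base_name(filename).rpartition(".")[2].lower()
    if ext in EXECUTABLE_EXTENSIONS:
        return "executable"
    return "ok"


def suspicious_members(zip_bytes: bytes) -> List[str]:
    """Names of archive members that are executables (disguised or not), read from the
    central directory only; nothing is extracted or written to disk."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [info.filename for info in zf.infolist()
                if not info.is_dir() and classify(info.filename) != "ok"]


def build_sample_archive() -> bytes:
    """Constructed sample attachment: two disguised executables among harmless files.
    The member contents are placeholder bytes, not real programs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("20131101_121030.jpg.exe", b"placeholder, not a real program")
        zf.writestr("holiday.JPG", b"placeholder image bytes")
        zf.writestr("notes.txt", b"plain text")
        zf.writestr("photos/IMG_0001.PNG.scr", b"placeholder, not a real program")
    return buf.getvalue()


if __name__ == "__main__":
    for member in suspicious_members(build_sample_archive()):
        print(f"{classify(member):10s} {member!r} is shown to the user as {displayed_name(member)!r}")
```

The check is deliberately case-insensitive ("IMG_0001.PNG.SCR" is as dangerous as the lower-case form) and looks only at archive metadata, so it can run on a mail gateway before the attachment ever reaches a desktop. It does not replace the advice above: a single-extension ".exe" is still reported, but an attachment renamed to a harmless extension and run by other means is outside what a name check can see.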


What you need to DO - RIGHT NOW:

  1. UNINSTALL Java from EVERY Client PC and Laptop.  Go to Control Panel and "Add/Remove Programs" or "Programs and Features" and uninstall EVERY instance of Java listed.  This will immediately disarm some types of malware and reduce the likelihood of a new infection.
  2. Run a FULL scan with MalwareBytes Anti-Malware.  Ensure you UPDATE before scanning.  Remove everything found, including "PUP" entries that are not ticked by default.  Tick ALL detections, remove them and reboot if required.  Run another scan after rebooting to ensure the system is clean.
  3. Be VERY careful not to open spam email with attachments - and do not click on links in spam emails.


Why remove Java?

Java is increasingly found to be a huge security issue with many vulnerabilities allowing attackers remote access or control of vulnerable systems.  The current Java update (Version 7 Update 45) includes fixes for 12 critical issues rated 10 (out of 10) for severity in previous releases, all of which can allow an attacker complete control of a computer.  As it is likely more vulnerabilities exist, the most secure option is to remove Java completely.

Historically, many web sites required Java to operate correctly, but it is becoming less and less popular and for most users, it can be removed with no ill effects at all.

If Java is required for Business-critical reasons, it is easily downloaded and installed from www.java.com


Summary

These steps do NOT prevent all means of infection - it is up to the user not to open links or attachments in spam emails and to avoid websites and links in "bad neighbourhoods" on the Internet.

Ensure AntiVirus packages are up-to-date and run Malware scans regularly.

As it appears the criminals are profiting greatly from this particular Trojan and method of extorting money world-wide, it is likely that techniques like this will be developed and found more widely in the future.

Be aware that ANY data you do not back up is liable to be lost sooner or later, whether through human error, hardware failure, virus, fire or theft.