Computerworld is reporting on a new piece of ransomware called CryptoLocker. Delivered as an email attachment claiming to be from Xerox, UPS, FedEx, or another trusted sender, CryptoLocker encrypts your files.


The bad guys give you a limited period of time to pay the ransom.

Once the payment has been made, the decryption usually begins. There is typically a four-day time limit on the payment option; the malware’s author claims the private key required to decrypt files will be deleted if the ransom is not received in time. If the private key is deleted, your files will essentially never be able to be decrypted — you could attempt to brute force the key, but as a practical matter, that would take on the order of thousands of years. Effectively, your files are gone.

Computerworld writes that this malware is very effective in evading antivirus protection.

How do the bad guys install this evil software? Computerworld tells us how the attack works:

Cryptolocker comes in the door through social engineering. Usually the virus payload hides in an attachment to a phishing message, one purporting to be from a business copier like Xerox that is delivering a PDF of a scanned image, from a major delivery service like UPS or FedEx offering tracking information or from a bank letter confirming a wire or money transfer… The virus is, of course, an executable attachment, but interestingly the icon representing the executable is a PDF file. With Windows’ hidden extensions feature, the sender simply adds “.pdf” to the end of the file (Windows hides the .exe) and the unwitting user is fooled into thinking the attachment is a harmless PDF file from a trusted sender. It is, of course, anything but harmless.

The tool to fight deception in the inbox is SP Guard. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner. This is an inbox with the SP Guard security features.


You can contact us at 408-727-6342, ext. 3 or use our online form.