26 Mar 2015

Cryptolocker: What you need to know and look out for!

What is cryptolocker?

Cryptolocker is malware that encrypts documents and demands money to decrypt them. It can affect personal data stored on your computer or company data stored on corporate file shares. Cryptolocker can bypass virus scanners and other security measures and uses social engineering to infect your computer. Usually the malware hides in an email from a person or company you would normally trust – like a bank, tax office or a friend.

Many layers of IT security can be used to protect against this very real threat. The area that can be the most effective, and the one that needs the most attention, is end user awareness. If you are educated on what to look out for, your personal and corporate data can be protected. Many organisations are being infected with this malware, but there are ways to avoid it if you know what to look for.

We have put together some sample cryptolocker emails, to show you the tricks used so you can recognise them if they ever land in your inbox.


What to look out for:

Sample #1

The signs:

  • This sample contains a zip file attachment, which should never be opened unless you are expecting the e-mail.
  • The sender of the e-mail is not known to the recipient.
  • Bank transactions are typically not sent this way.

Sample 1

Sample #2

The signs:

  • Sender is known but the e-mail with this type of content is not expected.
  • There is no recipient on the To line.
  • Refers to Google to try and establish trust.
  • If you mouse over the link, it redirects you to spodeli.de, which clearly isn’t Google.

Sample 2

Sample 2A

Sample #3

The signs:

  • Similar to sample #1 above.
  • Refers to BPay to try and establish trust.
  • Zip file attachments should not be opened unless you are expecting the e-mail.
  • The sender of the e-mail is not known to the recipient.
  • Bank transactions are typically not sent this way.

Sample 3

Sample #4

The image below is a recent example of a cryptolocker email posing as Australia Post. Before clicking or downloading any links, please ensure that you look out for the following:

  • Check to see if the ‘From’ email address is legitimate. In this case the ‘From’ address is yourparcel@commercialads.org.
  • You may also notice that the grammar is irregular, with multiple errors.

Sample 4
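As an added example that is not part of the original post, the short Python triage script below applies the signs listed in the samples above (no recipient on the To line, a From name claiming a brand its address does not match, a zip attachment, and link text naming a brand that the link host does not contain) to two constructed messages modelled on Samples #2 and #4. The sample messages, the brand list and the function names are my own assumptions, not anything the post provides.

```python
import re
from email import message_from_string, policy, utils
from email.message import EmailMessage
from urllib.parse import urlparse

# Brands the page's samples impersonate; a genuine address or link host should contain the word.
BRANDS = re.compile(r"google|bpay|australia ?post", re.I)
HREF_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed message modelled on Sample #2: no To line, "Google" link pointing elsewhere.
SAMPLE_2 = """\
From: "A Colleague" <colleague@example.com>
Content-Type: text/html; charset="utf-8"

<p>A file was shared with you. <a href="http://spodeli.de/docs">Open in Google Drive</a></p>
"""

def build_sample_4() -> str:
    """Constructed message modelled on Sample #4: parcel notice, zip attached, odd From domain."""
    m = EmailMessage()
    m["From"] = "Australia Post <yourparcel@commercialads.org>"
    m["To"] = "you@example.com"
    m.set_content("Please open the attached notice.")
    m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",  # empty zip
                     subtype="zip", filename="notice.zip")
    return m.as_string()

def brand_mismatch(label: str, host: str):
    """Return the brand named in label when host does not contain it, else None."""
    m = BRANDS.search(label)
    return m.group(0) if m and m.group(0).split()[0].lower() not in host.lower() else None

def check_message(raw: str) -> list[str]:
    """Return the warning signs found in one message, following the page's checklist."""
    msg = message_from_string(raw, policy=policy.default)
    signs = []
    if not msg.get("To"):
        signs.append("no recipient on the To line")
    name, addr = utils.parseaddr(msg.get("From", ""))
    if (b := brand_mismatch(name, addr)):
        signs.append(f"From claims {b} but address is {addr}")
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(".zip"):
            signs.append(f"zip attachment {part.get_filename()}")
    body = msg.get_body(preferencelist=("html", "plain"))
    for href, label in HREF_RE.findall(body.get_content() if body else ""):
        link_host = urlparse(href).hostname or ""
        if (b := brand_mismatch(label, link_host)):
            signs.append(f"link text mentions {b} but points to {link_host}")
    return signs
```

Running `check_message` over a saved .eml file gives a quick list of the same signs the post asks readers to look for; a sender you know is still worth a phone call when the content is unexpected, which no script can judge.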


What do I do if I receive an email I believe is infected?

  1. Do not open the attachments or click on the links.
  2. Delete the message and empty your recycle bin.
  3. If you do get infected, the first and most important step is to remove the machine from the network to limit the damage.
  4. If you are unsure, contact your IT department or Managed Service Provider for guidance.