Security Awareness Alert: Do you know what CryptoLocker is? It’s a recent malware threat that attacks your organization in the form of a “customer complaint” or similar attachments.

The FBI recently warned of a file encrypting Ransomware called CryptoLocker. In this attack, organizations receive emails with attachments labeled as “customer complaints.”  The attachment opens as a window and is a malware downloader, downloading the CryptoLocker malware.

According to the FBI’s statement:

“The verbiage in the window states that important files have been encrypted using a unique public key generated for the computer. To decrypt the files, you need to obtain the private key. A copy of the private key is located on a remote server that will destroy the key after the specified time shown in the window. The attackers demand a ransom of $300 to be paid in order to decrypt the files.”

If this happens to you, what should you do? Do not click any of the links to pay a ransom or decrypt the files. You need to contact your security department immediately, and they will have to scrub your hard drive and restore your files from a back-up. They can direct you to a better approach if possible.

How do you avoid this? The best way to avoid this attack is to stay aware of such tactics and look out for them.

  • Do not download attachments unless you are 100 percent sure the email was intended for you and you were already aware that specific sender would be sending you an attachment.
  • If you receive an email with an attachment you weren’t expecting, even if you know the sender can be trusted, verify they intended to send you the attachment and it is secure.
  • Detect fraudulent emails by looking closely at subject lines and the sender. Look for unfamiliar names, misspellings, general mailing lists that you didn’t sign up for, and urgent but out-of-place calls to action.

For more information on staying safe and security awareness training for your organization contact us here.