Community PSA: Ransomware Infections are Growing

Over on the patching email discussion list, there's been a long discussion over the past couple days about the growing proliferation of Ransomware, or CrytpoLocker activations. This problem is growing at an alarming rate, so it's definitely worth warning all of you here at Windows IT Pro.

What it is

Ransomware is usually distributed through email attachments, but can sometimes be pushed through other methods directly to the end-user's PC. Once the user clicks on the file the damage is done. The attachment locates specific file types on the computer AND on the network (it maps network drives, seriously) and encrypts the files so they are inaccessible. The malware gets its name, Ransomware, because it will demand money to get access back to the encrypted files and provide payment options.

What it does

Per a Reddit post the CryptoLocker infection does the following:

Is anyone safe?

It has been confirmed to infect computers running Windows XP through Windows 7 64bit. No Windows 8 infections have been reported yet. Again, once the CryptoLocker has been activated, it's too late. There are currently no patches to solve this problem, AntiVirus will not protect, and the Trojan does not rely on administrative rights to infect, i.e., anyone can be infected. Several AntiVirus vendors offer cleanup tools.

Sophos has a blog post that talks more about the recent warnings and offers suggestions and help. Read that here: Information regarding the Cryptolocker ransomware Trojan making the rounds

Bottom Line

Remind your users to NEVER click on attachments or files from an unknown source. If there's ANY question, have them contact the HelpDesk or official support group within the company.

Be careful out there.