There is an active threat delivered via email named CryptoLocker that is making the rounds. While we are relatively safe from external threats such as this one, we thought we would give everyone at Tripp Lite a reminder to NOT open any attachment inside an email you were not expecting. Here is how CryptoLocker works: The “virus” comes through in an e-mail attachment (UPS tracking, Better Business Bureau report, etc.) as a .Zip file. When the user opens it and launches the attachment it runs an encryption application set to encrypt (scramble) all files on your local drive and any network shares with specific extensions (.doc, .xls, etc.). Once the files are encrypted, they demand payment of $100-$700 for the encryption key to unencrypt the files. After a timer counts down, your time is up and your files are lost as the unique encryption key used to encrypt the files on your system is destroyed and the files are forever unable to be unencrypted. The only solution is to restore the encrypted files from backup which would be incredibly time consuming and difficult as it doesn’t encrypt every file, and there doesn’t seem to be a way to determine which it did and which it didn’t – leaving us to restore individual files as needed as opposed to all in one fell swoop. Because this “virus” isn’t really a virus (it’s categorized as malware/scareware), but an encryption method that’s used all of the time for security purposes, anti-virus software may not detect it as such. The best way to protect against a threat of this nature is user education. E-mail users HAVE to be aware of the attachments that they’re opening: IRS, FedEx, UPS, Better Business Bureau and Verizon are popular methods to trick people into opening attachments – usually by scaring them that something’s wrong (you have a complaint, you’re being audited, etc.) or by providing you a way to check on something you’re not expecting (open this Zip file and run the attachment inside to track your package, open this for your recent bill, etc.). Other methods getting popular are “resume.zip” files from LinkedIn connections you’ve never heard of before, or generic “You’ve received a scanned attachment from a Xerox WorkCentre”. As a general rule, if the attachment is a .Zip file and you don’t know SPECIFICALLY who it’s coming from, there’s a 99.9% chance that it’s nefarious in nature. The best recourse is to delete it and never open it. If a user has a question regarding its validity, they can always forward it to the IS Helpdesk, attachment in place, and we will tell them whether it’s real or not. If anyone sees this screen, they should immediately disconnect their computer from the network (pull their network cable) and call the IS Helpdesk – while leaving their system up and running at that screen. As we’ve said, since we remove any external email that has an executable attachment (even if it is within a .Zip file) and most users do not have rights to install software, we are reasonably secure against this threat. However, everyone should also be aware that this threat can strike at home on your household computers from your personal email. Remember, any and all security measures we pass along regarding protecting Tripp Lite can also be applied at home.
Posted on: Wed, 30 Oct 2013 13:05:21 +0000
Trending Topics
Recently Viewed Topics
© 2015