A recent NZ Herald article has brought the issue of Ransomware to the headlines again.  Read; Ransomware holds the world hostage

Ransomware is a constant threat that users should always be alert for.  Never open an attachment that you are not expecting or that is not in the expected format.  Never open an attachment from someone you do not know, or from an odd email address that does not match the sender.

Below is a copy of a UBT Virus alert that gives more info on the threat - Cryptolocker is just one of numerous forms that ransomware can take.

---------------------------------------------------

Warning Virus Alert!

A new ransomeware virus known as Cryptolocker is infecting computers globally and reinforces the need for users to be diligent in not opening email attachments from unknown senders.

What is a Ransomware Virus?

Typically Ransomware installs a malware application on your desktop or laptop and then requests payment to have it removed. A skilled IT technician can sometimes remove these for you.

What is Cryptolocker? 

Cryptolocker is a very nasty and destructive version of ransomware. Once installed, Cryptolocker silently encrypts your files and then hides the special key required to decrypt the files to somewhere on the internet. Without this key you will not be able to open any of your files. Cryptolocker will then ask you to pay a fee to get the decryption key. The fee is about USD/Euro $300.00, which is not cheap. This fee must be paid within a defined time period (usually 72 hours), or the server will destroy the decryption key and your files will be lost forever.

How do you become infected with CryptoLocker?

This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHL, etc.

These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe.

Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.

So how do you protect yourself from this attack?

1. Make sure you have an off-line back up of your data. The easiest method is to use an external USB hard drive and only plug this in when you are doing a backup. If you have on-line backup then this will also provide you with good protection as these services usually operate with multiple backups protected through powerful encryption and security measures.

2. Ensure you have a good anti-virus and anti-malware application installed, and regularly updated such as the Eset or Nod 32 as installed on all UBT supplied computers.

3. Be conscious of downloading any files from web-sites, and do not open email attachments that you are not sure of.

Cryptolocker - this is what it looks like on your computer. This user had to pay $300US to get their files unencrypted.