31/03/2016
ATTENTION : Please read carefully and pass this information to all employees
in your organization,
CryptoLocker or ransomware, a new Dangerous malware virus, this virus can
damage your data in the computer.
A new variant of ransomware known as Locky (detected by Antivirus as
Trojan.Cryptolocker.AF) has been spreading quickly since it first
appeared on Tuesday (February 16). The attackers behind Locky have pushed
the malware aggressively, using massive spam campaigns and compromised
websites.
Locky Virus is being distributed via a Microsoft Word attachment with
malicious macros in it. Victims typically receive an email with an attached
Word document purporting to be an invoice seeking payment for some product
or service. Recipients who click on the attachment are presented with a
document containing scrambled content and an instruction to click on an
Office macro to unscramble it. Once enabled, the macro downloads Locky,
stores it in the Temp folder and executes it.
Locky encrypts files on victims' computers and adds a .locky file extension
to them. The ransom demand varies between 0.5 to 1 bitcoin (approximately
US$210 to $420).
One of the main routes of infection has been through spam email campaigns,
many of which are disguised as invoices. Word documents containing a
malicious macro are attached to these emails. Antivirus detects these
malicious attachments as
W97M.Downloader. If this macro is allowed to run, it will
install Locky onto the victim's computer.
Symantec telemetry indicates that Locky was spread by at least five
different spam campaigns on February 16. Most of the spam emails seen had a
subject line that read "ATTN: Invoice J-[RANDOM NUMBERS]". Another campaign
used "tracking documents" as a subject line.
The spam campaigns spreading Locky are operating on a massive scale.
Antivirus & anti-spam systems blocked more than 5 million emails associated
with these campaigns by, February 17.
Discovered: February 16, 2016
Updated: February 24, 2016 12:21:15 PM
Type: Trojan
Infection Length: 95,744 bytes
Systems Affected: Windows 2000, Windows 7, Windows 95, Windows 98, Windows
Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista,
Windows XP
Trojan.Cryptolocker.AF is a Trojan horse that encrypts files on the
compromised computer.
Initial Rapid Release version February 16, 2016 revision 049
* Latest Rapid Release version March 28, 2016 revision 033
* Initial Daily Certified version February 17, 2016 revision 017
* Latest Daily Certified version March 28, 2016 revision 034
* Initial Weekly Certified release date February 17, 2016
Please Read this Official Blog :
http://www.symantec.com/connect/blogs/locky-ransomware-aggressive-hunt-victi
ms
What is CryptoLocker or ransomware malware virus
CryptoLocker and ransomware is malicious software that encrypts your data
files (word, PowerPoint, pictures, music, videos, etc.). The nefarious
individuals then hold your data for ransom and try to extort money from you.
What computers are at risk?
All computers using Windows XP 2, Vista, 7, 8 and 10 This includes any Apple
or Linux based computers running Windows in a virtual environment like Boot
camp, Parallels or VMware.
What is encryption?
Encryption encodes your data so only you and authorized people or authorized
websites can read the data. Example - When you use a banking website that
has "https" in the address bar, the information you transmit to and from
that website is encrypted/encoded.
Why is it dangerous?
The encryption designed to safeguard your data is used against you when
CryptoLocker infects your computer. Your data files are encrypted with a
unique key that only the malicious people/hackers have access to. Encryption
can not be broken at this point in time without the key. When your data is
encrypted and the key is lost, the data is essentially lost forever.
How can I protect my data?
1. Backup your data to another location (network drive, external hard
drive, cloud storage, etc.)
1. Disconnect that drive when you are NOT backing up your data to it.
2. Consider paying for an online backup solution.
3. Disconnect all drives that you are not actively using.
What if I think my computer is infected?
1. Disconnect the computer immediately from ALL networks, wired or
wireless.
2. Contact the proper IT support group.
How can I avoid the malware infection?
1. Don't go to free movie sites, free software downloading sites, online
p**n sites, which are often the source of malware downloads.
2. Take care when clicking on adverts; never open Twitter links and
attachments from people you don't know or trust.
3. Personally owned computers -
1. Download and run
4. Do not download files from Torrenting services. These files are often
bundled with malware infections.
5. Do not use any VPN software (like hotspot shield) to unlock any blocked
sites by etisalat\DU, use safe web browsing habits
