18 March 2016
We have become aware of a new variant of the Cryptolocker malware that’s particularly nasty and is currently doing the rounds. Please copy this to anyone you feel will benefit from this heads up.
Summary:
- The malware is arriving via email in the form of a Word Document claiming to be an Invoice.
- On opening the document a macro infects your PC, removes all security copies (shadow copies and restore points) and starts encrypting files.
- The malware will encrypt all files it can see – (so all files on your local PC, all network files), and very quickly.
- These files will be unusable and the only way to recover the files from this encryption is to either pay a ransom (approx. US$1000), or restore from backup.
A more thorough explanation is available at:
http://www.pandasecurity.com/mediacenter/malware/cryptolocker-locky-how-it-works/
or just google ‘Cryptolocker Locky’
We cannot stress enough:
- Do not open emails or email attachments from people you do not know, or from emails you were not expecting.
- If in doubt, ask someone else, and if you are still in doubt contact Caduceus and we will investigate.
- These malware attacks are incredibly hard to detect and stop. Virus scanners currently do a poor job of detecting these types of attacks because the malwares actions look very similar to actions you or I might perform on the computer.
Relying on your virus scanner to prevent these attacks is not recommended!
If you would like to discuss any of the above please contact Caduceus Support (support@caduceus.co.nz)