Cryptolocker Outbreak 2

Aug 11

11 August 2016

Caduceus wishes to advise all our customers of a new variant of the Cryptolocker Virus that is hitting mailboxes at the moment.​

The emails we have seen claim to be from New Zealand Post (but there may be other variants out there) and purport to be about an undelivered parcel.

The email comes with an attachment and asks the recipient to open it to view more information.The attachment is (often a zip file) is the virus and opening it will activate the Cryptolocker virus.

Once active the virus very quickly encrypts files across all hard drives (local and network). On completion, the payload displays a message informing the user that files have been encrypted, and demands a payment via Bitcoin. The message is quite informative, pointing to various websites where you can obtain bitcoins, and possibly having a countdown timer before their special offer of buying their decrypting program expires.

Once your files are encrypted they are useless to you and your company.

Your only options are to either pay the ransom to get the files unencrypted, or restore your files from backup. Either way it will likely represent a significant disruption to you and your business.

We cannot stress enough:​

  • Do not open emails or email attachments from people you do not know, or from emails you were not expecting.
  • If in doubt, ask someone else, and if you are still in doubt contact Caduceus and we will investigate.
  • These malware attacks are incredibly hard to detect and stop. Virus scanners currently do a poor job of detecting these types of attacks because the malwares actions look very similar to actions you or I might perform on the computer. 
  • Relying on your virus scanner to prevent these attacks is not recommended!

If you would like to discuss any of the above please contact Caduceus Support (

Remote Support