CrytpoLocker Trojan Warning

Many businesses and even State of Kansas Agencies have been targeted by a new form of ransomware – software that takes away access to your files and demands payment to return access.  This software has been spread mostly by very official-looking and targeted e-mails.  These e-mails may be very difficult to differentiate from real e-mails.  An example message is below:

From: John Doe
Sent: Tuesday, October 15, 2013 10:34 AM
To: Jane Doe
Subject: Annual Form – Authorization to Use Privately Owned Vehicle on State Business
All employees need to have on file this form STD 261 (attached). The original is retained by supervisor and copy goes to Accounting. Accounting need this form to approve mileage reimbursement.
The form can be used for multiple years, however it needs to re-signed annually by employee and supervisor.
Please confirm all employees that may travel using their private car on state business (including training) has a current STD 261 on file. Not having a current copy of this form on file in Accounting may delay a travel reimbursement claim.

Opening the attached file in the e-mail immediately starts a process that encrypts important files – Word, Excel, PowerPoint, photos, music, video, and many other commonly used file types.  The encryption used is effectively unbreakable, once encrypted ITS staff cannot restore access to those files except by accessing backups.

Contact ITS staff at 785-670-3000 immediately if you receive any messages you think may be malicious and do not open e-mail attachments unless they are expected and from trusted individuals.

For more information on Cryptolocker, see these links:

http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

http://www.kake.com/home/headlines/CryptoLocker-Virus-Strikes-Pratt-Police-Department-230602031.html

 

Speak Your Mind

*