Crypto Locker Trojan
Well, I've just had to deal with my first CryptoLocker infection. It's bad enough when it's on a single machine, but when that machine has access to network drives, it becomes a real issue.
The trojan managed to encrypt about 150,000 documents on 3 network shares, effectively stopping a company from accessing its data. It also encrypted 1.8 GB of data in the user's Documents folder, making those files inaccessible too.
Combating CryptoLocker once it's on a machine is effectively useless: if your anti-virus didn't detect it coming in, it isn't going to stop it doing what it was designed to do, which is to encrypt every Word and Excel document it can get access to.
The only good thing I've found so far is that it runs as the currently logged-in user, which means that if you have a good backup, you can just wipe the user profile and it's gone. I'd also run something like the Microsoft Malicious Software Removal Tool, which does find and remove the infection.
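Once the machine is cleaned, the next job is working out which of those 150,000 files actually need restoring from backup. The script below is an added example, not part of the original post or any tool it mentions: it walks a directory tree (a mounted share, or the user's Documents folder), and flags Word and Excel files whose bytes no longer carry the container signature their extension promises (OLE2 for .doc/.xls, ZIP for .docx/.xlsx) and look like random data. The sample "share" it builds in a temporary directory is constructed for the demonstration; the entropy threshold of 7.5 bits per byte is an assumed cut-off, chosen because ciphertext sits close to 8.0 while real documents sit well below it.

```python
"""Triage: find Office documents that no longer look like Office documents.

A file whose extension says "Office document" but whose contents have no
recognisable container header and near-random byte statistics is a candidate
for having been overwritten with ciphertext, and goes on the restore list.
"""
import math
import os
import random
import tempfile
from collections import Counter

# Legacy binary Office files (.doc/.xls) are OLE2 compound documents;
# Office Open XML files (.docx/.xlsx) are ZIP archives.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"
EXPECTED_MAGIC = {
    ".doc": OLE2_MAGIC,
    ".xls": OLE2_MAGIC,
    ".docx": ZIP_MAGIC,
    ".xlsx": ZIP_MAGIC,
}
ENTROPY_THRESHOLD = 7.5  # assumed cut-off, bits per byte; ciphertext is ~8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the buffer (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str, sample_size: int = 4096) -> bool:
    """True if an Office-typed file lacks its container signature and its
    leading bytes are near-random. Files of other types are never judged."""
    magic = EXPECTED_MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return False
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if head.startswith(magic):
        return False  # header intact: still a real document
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def scan_tree(root: str) -> dict:
    """Return {'intact': [...], 'suspect': [...]} relative paths under root,
    considering only the Office extensions in EXPECTED_MAGIC."""
    result = {"intact": [], "suspect": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXPECTED_MAGIC:
                continue
            path = os.path.join(dirpath, name)
            bucket = "suspect" if looks_encrypted(path) else "intact"
            result[bucket].append(os.path.relpath(path, root).replace(os.sep, "/"))
    for paths in result.values():
        paths.sort()
    return result


def build_sample_share(root: str) -> None:
    """Constructed sample data: one healthy .docx, one healthy .xls, two files
    whose Office extension survived but whose contents are random bytes (as
    when a document is overwritten in place), and a .txt that is never judged."""
    os.makedirs(os.path.join(root, "finance"), exist_ok=True)
    with open(os.path.join(root, "report.docx"), "wb") as fh:
        fh.write(ZIP_MAGIC + b"\x14\x00" + b"[Content_Types].xml" * 20)
    with open(os.path.join(root, "finance", "ledger.xls"), "wb") as fh:
        fh.write(OLE2_MAGIC + b"\x00" * 500 + b"Workbook" * 50)
    rng = random.Random(1234)  # deterministic stand-in for ciphertext
    for name in ("finance/budget.xlsx", "memo.doc", "notes.txt"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(bytes(rng.randrange(256) for _ in range(4096)))


def demo() -> dict:
    """Build the constructed share in a temp dir, scan it, return the result."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_share(root)
        return scan_tree(root)


if __name__ == "__main__":
    found = demo()
    print("suspect (restore from backup):", found["suspect"])
    print("intact:", found["intact"])
```

Because the trojan runs as the logged-in user, the set of files it could touch is bounded by that user's write access, so pointing the scan at the shares that account could write to gives a complete restore list; running it as a read-only account, never as the infected user, keeps the triage itself from being added to the damage.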
If you don't have a good backup, have a good anti-virus / internet security program. Prevention is always better than cure when it comes to viruses.
The means of infection I've seen so far is via email, but it has also been reported in downloads, so a program that protects you against downloading malicious files from websites is better to have than not.
So far both Kaspersky Internet Security and ESET pick up the virus without issue. McAfee Enterprise missed it completely, and I haven't tested any of the free anti-virus programs, but I have faith in something I pay for, as they have a vested interest in keeping my machine safe. Anything that is provided for free, with an option to buy a better version from the same supplier isn't an option I'd ever choose.
If you do encounter the trojan, be prepared to lose everything. If someone is prepared to encrypt your files in order to demand money, do you really believe that they have the integrity to actually give you the decryption key once you pay, and that they won't then ask for more?
Your IT equipment should be part of the "self preservation society". Make sure you install security patches, pay for a good internet security program, and don't trust emails that originate from an unknown source or don't have your name in the "To" box; that's a surefire way of seeing mass-mailing worms in action.
If you have concerns about your system security, please feel free to contact us.
Organisation: Jay Webb Consultancy Services Limited
Address: 139 Woodville Road