We have had a few instances of a new ‘ransomware’ outbreak called CryptoLocker. This infection will encrypt files on an affected machine and on the shared drives that the machine has access to (i.e. the server). Once a machine is infected, the ransomware demands $300 to decrypt these files.
The malware itself is relatively easy to eliminate; however, the encrypted files will need to be restored from a backup. We are currently carrying out backups for all customers to ensure that they are up to date, should the worst happen. The easiest way for the malware to enter your network is via an email attachment, so, as ever, please remain vigilant when opening attachments.
The various anti-virus vendors are working on creating fixes/preventative measures for this particular piece of malware but, currently, it remains undetectable prior to infection. As the fix will be coming in the next few days, we need to ensure your client anti-virus software is up to date. If you have any issues updating your anti-virus, then please contact a member of the Medhurst helpdesk team on 01489 563 000 or via email on support@medhurst-it.com.
In the meantime, if you discover an infection on your machine (a big red box in the middle of the screen demanding money), please unplug the power or the network cable immediately and call the helpdesk so we can check your server for encrypted files.
Please note that this is just a precautionary measure to keep you informed of a potentially disruptive outbreak, and the chances of your network being infected are low. As there is no current protection offered by anti-virus vendors, we wanted to advise you of the risks and best course of action.
For further information on the virus, please click on the following link: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information.