4/11/2014

Avoid These CryptoLocker Email Subjects

Back in November 2013, we posted CryptoLocker: What It Is & How to Prevent It. Although we are well into 2014, this malware is still affecting our clients.

As explained in our previous post, CryptoLocker belongs to a particular strain of malware referred to as “ransomware.” Ransomware gets its name from the ransom it demands while holding your computer hostage. Cryptolocker asks for $300 in exchange for decrypting your files that it has locked down.




How does Cryptolocker get on my computer?

This ransomware is spread through email attachments. Take these steps BEFORE you click on any links or attachments:
  • Think. Have you ever received an email like this before? Do you know the sender? In the case of the USPS scam, have you actually shipped anything recently?
  • Hover over the link. If you hover over the link, you can see the address it will take you to. For example, a link may claim to be a company's new terms and conditions, but hovering over it will show that it's actually linked to a zip file (which will infect your computer when clicked on).
  • And if you’re still not sure…Google! If you’re still having a hard time discerning if an email or site is harmful, a quick Google search will usually tell you the answer. For example, if you Google “USPS email,” on the first page of search results you will see several articles warning against fake USPS emails.

The current list of known CryptoLocker email subjects include the following:

USPS - Your package is available for pickup ( Parcel 173145820507 )
USPS - Missed package delivery ("USPS Express Services" <service-notification@usps.com>)
USPS - Missed package delivery
FW: Invoice <random number>
ADP payroll: Account Charge Alert
ACH Notification ("ADP Payroll" <*@adp.com>)
ADP Reference #09903824430
Payroll Received by Intuit
Important - attached form
FW: Last Month Remit
McAfee Always On Protection Reactivation
Scanned Image from a Xerox WorkCentre
Scan from a Xerox WorkCentre
scanned from Xerox
Annual Form - Authorization to Use Privately Owned Vehicle on State Business
Fwd: IMG01041_6706015_m.zip
My resume
New Voicemail Message
Voice Message from Unknown (675-685-3476)
Voice Message from Unknown Caller (344-846-4458)
Important - New Outlook Settings
Scan Data
FW: Payment Advice - Advice Ref:[GB293037313703] / ACH credits / Customer Ref:[pay run 14/11/13]
Payment Advice - Advice Ref:[GB2198767]
New contract agreement.
Important Notice - Incoming Money Transfer
Notice of underreported income
Notice of unreported income - Last months reports
Payment Overdue - Please respond
FW: Check copy
Payroll Invoice
USBANK
Corporate eFax message from "random phone #" - 8 pages (random phone # & number of pages)
past due invoices
FW: Case FH74D23GST58NQS
Symantec Endpoint Protection: Important System Update - requires immediate action


Is there anything that can protect my computer from Cryptolocker?
The only proven preventative tool is Malwarebytes Anti-Malware Pro. If you have this running and Cryptolocker tries to attack your computer, it will be blocked. However, if you do not have Malwarebytes running and Cryptolocker gets on your computer, there is nothing that the software can retroactively do to remove it.


malwarebytes white logo Baroan Technologies offers Malwarebytes Anti-Malware Pro and Kaspersky Antivirus as options you can include in your maintenance plan. Contact us for further information.

What happens if Cryptolocker succeeds in holding my computer ransom?
You are at risk of losing your computer’s files beyond recovery. If you have a backup that is NOT stored on your computer, then your files can be restored from that. Backups stored locally are at risk of infection.

3 comments:

  1. Very good post. I'm facing some of these issues as well..
    عقارات جدة
    3kary.com
    شقق للإيجار بجدة
    http://3kary.com/property-status/apartments-for-rent/
    شقق للبيع بجدة
    http://3kary.com/property-status/apartments-for-sale/

    ReplyDelete
  2. Everything is very open with a precise explanation of the issues. It was definitely informative.
    شركات نقل العفش بالمدينة وينبع
    Prokr.com
    نقل العفش بجدة
    Albyaan.com
    شركة نقل عفش
    Prokr.org
    نقل عفش بالرياض
    Shoala.net

    ReplyDelete