Cryptolocker

Created: 07 Nov 2013 • Updated: 08 Nov 2013

Cryptolocker (http://en.wikipedia.org/wiki/CryptoLocker) is new malware that surfaced recently. It is wreaking havoc on Windows file shares and locking people out of their files: it encrypts commonly used documents so that the user can no longer access them, then attempts to extract payment from you to unlock your files. Ars Technica has a great writeup on this (http://arstechnica.com/security/2013/10/youre-infe...).

 

Some tips on dealing with this malware:

  1. Ensure your virus protection is up to date.
  2. Restrict workstation permissions so that general users have limited access rights.
  3. Ensure your backup policies are good.
  4. Make sure all your file shares are backed up often.
  5. You can find the source of the infection by viewing which user has ownership permissions on the infected file(s). That way you can isolate their workstation.

 

Thankfully, Symantec Endpoint Protection protects from this virus: http://www.symantec.com/connect/forums/cryptolocker-are-we-safe
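
One way to carry out tip 5 across a whole share rather than file by file. This is an added example, not part of the original post; the share path, time window, document extensions and output file name are assumed values to replace with your own.

```powershell
# Added example: tally file owners on a share to find the account that
# wrote the affected files. All parameter defaults are assumptions.
param(
    [string]$SharePath    = '\\fileserver\share',     # hypothetical UNC path
    [datetime]$Since      = (Get-Date).AddDays(-2),   # assumed start of the incident window
    [string[]]$Extensions = @('.doc', '.docx', '.xls', '.xlsx', '.pdf')  # assumed document types
)

# Collect owner and last-write time for every matching file changed in the window.
$results = Get-ChildItem -LiteralPath $SharePath -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $Since -and $Extensions -contains $_.Extension.ToLower() } |
    ForEach-Object {
        try {
            $owner = (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner
        } catch {
            $owner = '<unreadable>'   # keep going when an ACL cannot be read
        }
        [pscustomobject]@{
            Owner         = $owner
            LastWriteTime = $_.LastWriteTime
            Path          = $_.FullName
        }
    }

# Rank owners by number of files touched, with the first and last write seen for each.
$results | Group-Object Owner | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'FirstWrite'; e = { ($_.Group | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime } },
        @{ n = 'LastWrite';  e = { ($_.Group | Sort-Object LastWriteTime | Select-Object -Last 1).LastWriteTime } } |
    Format-Table -AutoSize

# Keep the per-file detail so the timeline can be reviewed later.
$results | Sort-Object LastWriteTime | Export-Csv -NoTypeInformation -Path .\owner-triage.csv
```

Files written by an account in the local Administrators group can show BUILTIN\Administrators as the owner rather than the individual user, so check the per-file CSV as well as the summary.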

Comments

08 Nov 2013

I want to add that Spiceworks has some group policy templates that you can import and apply in your environment.

http://community.spiceworks.com/topic/396103-cryptolocker-prevention-kit-updated

Mick2009
Symantec Employee
14 Nov 2013

Thanks for raising awareness, megamanVI!

The article Recovering Ransomlocked Files Using Built-In Windows Tools deals with a few possible ways to prevent and recover from Trojan.Cryptolocker, one of today's most destructive threats, should it infect your network and hold your data hostage.

With thanks and best regards,

Mick

20 Nov 2013

Backup, backup, backup and don't open unknown emails..

Thank you for the article!