CryptoLocker Ransomware

The SOC has received reports about the CryptoLocker malware infecting multiple states and has seen it attacking Washington State as well. CryptoLocker is ransomware that encrypts documents on the infected machine and on any connected shares or drives. The encrypted files are held for ransom. If the fee is not paid within a specific timeframe, typically seventy-two hours, the encrypted files will be deleted.

How is this spreading?
This malware first infects a system through phishing emails. When the recipient of such an email clicks on the link or opens the attachment, their system is infected.

What do these CryptoLocker phishing emails look like?

Of course, these emails can look like any phishing email.

How will I know if I am infected?
Within 24 hours of your infection, your files will be encrypted and you will see a message.

Please contact the CTS Service Desk (360-753-2454) if you discover a CryptoLocker infection, and be careful with your email!

Resources
http://www.microsoft.com/security/resources/malware-whatis.aspx
http://www.microsoft.com/security/resources/ransomware-whatis.aspx

Security tips are brought to you by the CTS SOC. The mission of the CTS SOC is to provide centralized information sharing, monitoring, and analysis of Washington State security posture. Contact us at: soc@cts.wa.gov.