Tales from the CryptoLocker: Wrestling with ransomware.

aztony

Level 9
Thread author
Verified
Oct 15, 2013
501
A few weeks ago, I had someone in our customer service department open an email from a legitimate client that contained a .zip file. This wasn’t exactly normal correspondence, but it also wasn’t unusual to be contacted via email by this contact. Shortly after, I was called and informed it appeared we had a virus. They said a strange pop-up warning message came up and they couldn’t get rid of it.

“Please don't click anything anymore,” I replied. I asked if it resembled our antivirus alerts or had any reference to our recently added web filter. They told me that less than a minute after the .zip file was opened, they got the 72-hour countdown screen from CryptoLocker stating that they needed to purchase the $300 encryption key or all data would be encrypted and useless.

I told the person to unplug the PC from the network, and I literally ran to my car, drove to the offsite facility and dashed inside! I powered it off and told him he would have to work from another station for the rest of his shift. I walked out with the infected piece of hardware under my arm in a full nelson.
Continue reading: http://community.spiceworks.com/topic/417412-tales-from-the-cryptolocker-wrestling-with-ransomware?utm_campaign=1209&utm_medium=spotlight&utm_source=swemail
 

Littlebits

Retired Staff
May 3, 2011
3,893
Don't open suspicious files and you will not have to worry.
CryptoLocker will most definitely make the user learn what not to do.
After they lose all of their files they will probably want to be more careful and watch what they do from then on.

I have had customers with several infections on their system and simply don't even care and continue to make the exact same mistakes, this CryptoLocker will make them want to care after all their files are gone.

CryptoLocker might be the best lesson to learn how to safely download files.

Thanks. :D
 

samit

Level 12
Verified
Nov 4, 2011
830
Littlebits said:
Don't open suspicious files and you will not have to worry.
CryptoLocker will most definitely make the user learn what not to do.
After they lose all of their files they will probably want to be more careful and watch what they do from then on.

I have had customers with several infections on their system and simply don't even care and continue to make the exact same mistakes, this CryptoLocker will make them want to care after all their files are gone.

CryptoLocker might be the best lesson to learn how to safely download files.

Thanks. :D

don't wanna do in a good way... let's do in a bad way :p
 

aztony

Level 9
Thread author
Verified
Oct 15, 2013
501
Littlebits said:
Don't open suspicious files and you will not have to worry.

Tough call to make by an employee in the context of this particular incident.
I had someone in our customer service department open an email from a legitimate client that contained a .zip file. This wasn’t exactly normal correspondence, but it also wasn’t unusual to be contacted via email by this contact.
 

Littlebits

Retired Staff
May 3, 2011
3,893
aztony said:
Tough call to make by an employee in the context of this particular incident.

In that incident the employee had to do more than just open the zip file; the employee had to run an executable file which was not digitally signed. If he/she did this on Vista or newer, Windows UAC and/or the Windows digital file warning would have notified them, and the employee must have ignored the prompts and run the file anyway. If companies would train their employees, this would not have happened.
Most companies never get attachments with zipped executable files, usually only documents. That should have been the first sign that something wasn't right. All employees should know the difference between documents and executable files. The company should have their employees set up on a Limited User Account if they can train their employees properly. Most common office documents will open just fine on a Limited User Account but malicious executable files will not run. So the negligence lies on the company, not the employee, for not taking safeguards.

Thanks. :D
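
The warning sign described in the post above (an executable arriving inside a zip attachment where only documents are expected) can be checked before the attachment reaches a user. This is an added example, not part of the thread; the extension list, the size limit and the sample archive are constructed assumptions.

```python
import io
import zipfile

# File types Windows runs on double-click (constructed list, not exhaustive).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".cpl"}
MAX_NESTED = 10 * 1024 * 1024  # do not unpack nested archives larger than this


def scan_zip(data, depth=0):
    """Return (entry, reason) findings for a zip attachment given as bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "unreadable zip")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            exts = ["." + p for p in name.rsplit("/", 1)[-1].lower().rstrip(". ").split(".")[1:]]
            if exts and exts[-1] in EXEC_EXTS:
                reason = "double extension" if len(exts) > 1 else "executable extension"
                findings.append((name, reason))
            if info.flag_bits & 0x1:  # encrypted: content cannot be inspected
                findings.append((name, "encrypted entry"))
                continue
            with archive.open(info) as fh:
                magic = fh.read(4)
            if magic[:2] == b"MZ" and not (exts and exts[-1] in EXEC_EXTS):
                findings.append((name, "PE header behind non-executable name"))
            if magic == b"PK\x03\x04" and depth < 2 and info.file_size <= MAX_NESTED:
                inner = scan_zip(archive.read(info), depth + 1)
                findings += [(name + "!" + n, r) for n, r in inner]
    return findings


def build_sample():
    """Constructed attachment: harmless placeholder bytes, not real executables."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("scan.jpg", b"MZ" + b"\x00" * 62)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Invoice_2013.pdf.exe", b"MZ" + b"\x00" * 62)
        z.writestr("notes.txt", b"see attached")
        z.writestr("more.zip", inner.getvalue())
    return outer.getvalue()
```

Calling `scan_zip(build_sample())` flags the double-extension entry and the renamed entry inside the nested archive, while the plain text file passes.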
 

I'm Me

New Member
Verified
Sep 14, 2013
41
Littlebits said:
In that incident the employee had to do more than just open the zip file; the employee had to run an executable file which was not digitally signed. If he/she did this on Vista or newer, Windows UAC and/or the Windows digital file warning would have notified them, and the employee must have ignored the prompts and run the file anyway. If companies would train their employees, this would not have happened.
Most companies never get attachments with zipped executable files, usually only documents. That should have been the first sign that something wasn't right. All employees should know the difference between documents and executable files. The company should have their employees set up on a Limited User Account if they can train their employees properly. Most common office documents will open just fine on a Limited User Account but malicious executable files will not run. So the negligence lies on the company, not the employee, for not taking safeguards.

Thanks. :D

You really know your stuff, Littlebits!

Thanks for sharing that information. That is really good to know.
 
