Tobin Solutions
We guarantee a better technology experience!
Service Assistance: Tobin Helpdesk, or call 414-443-9999

Security Alert!

This is a security alert about a new version of the "Cryptolocker" virus.  Its goal is to encrypt files and then extort money to reverse the encryption.

The virus is most commonly delivered as an email attachment.  The email subject or the attachment name is often "payroll report," but other subjects or attachment names could be used.  The attachment contains what appears to be a .PDF file but is really a program.  If the attachment is opened, the machine becomes infected.
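As an added example (not from Tobin Solutions), this is one way a mail filter could check the content of each attachment instead of trusting its name or icon, covering both a direct attachment and a program packed inside a ZIP archive. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs as programs (short, non-exhaustive list; an assumption).
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")

def is_program(name, head):
    """A Windows executable starts with b"MZ"; a program extension also counts."""
    return head[:2] == b"MZ" or name.lower().endswith(EXEC_EXTS)

def triage(raw):
    """Return a finding for every attachment or ZIP member that is really a program."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if is_program(name, data):
            findings.append(f"{name}: program, not a document")
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    try:
                        with zf.open(info) as member:
                            head = member.read(2)  # header only, never the whole file
                    except RuntimeError:  # password-protected member
                        head = b""
                        findings.append(f"{name} -> {info.filename}: encrypted, cannot inspect")
                    if is_program(info.filename, head):
                        findings.append(f"{name} -> {info.filename}: program inside archive")
    return findings

def build_sample():
    """Constructed message: a genuine PDF header plus a ZIP holding an inert 'MZ' stub."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("payroll report.exe", b"MZ" + b"\x00" * 62)  # placeholder bytes only
    msg = EmailMessage()
    msg["Subject"] = "payroll report"
    msg.set_content("Please see the attached report.")
    msg.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="payroll report.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

The genuine PDF in the sample produces no finding; only the archive member with the executable header is reported.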

 

Recommendation:

  1. Remember that no anti-virus system is 100% effective - you need to be careful when opening attachments.  Do not open any attachment you are not expecting without verifying with the sender that it is legitimate.
  2. Inform us as soon as possible if you think you are infected.
  3. We can identify the infected workstation, remove the virus, and restore files from a backup copy, assuming a backup copy is available from before the infection.

Should a machine on a network become infected, the virus will do the following:

  1. It will look at each mapped network drive on the computer and determine whether the currently logged-in user has write access to any of the drives on the workstation or company servers.
  2. It will then start to encrypt data files on these drives.  It recognizes and encrypts over 30 common data file types (such as Word, Excel, tiff, Autocad, etc.).
  3. Once it finishes this encryption, it will display a message on the infected computer's screen demanding payment of $300 for the decryption key.  There is a timer demanding payment be made in 72 hours.  If payment is not received in 72 hours, the program uninstalls itself, at which point the only recourse is restoration from backup.
  4. Reports indicate that as of today, 10/23/13, paying this money does result in decryption of the files.

Please Note:

  1. The encryption is effectively unbreakable without the decryption key.
  2. Paying the ransom is risky.  There is no guarantee it will work in the future.
  3. Restoring from backups will only work if backups exist from before the files were encrypted.

--Your Tobin Solutions Support Team

 
