Cryptolocker – protect your computers

Page Updated May 2016:  Cryptolocker and Cryptowall problems continue to wreak havoc on small businesses everywhere

  1. Here is the latest and greatest software protection utility
  2. Download and install the small utility above.  Here is a quick video showing you how to do it
  3. If your browser won’t let you download the exe in step 1, try a zipped version here, then unzip and install it
  4. Does your business need protection? We can set up and install on all your computers and protect your file server with a custom software program.  Submit a ticket: help@moonrivers.com

If you are already infected, send a ticket to help@moonrivers.com and/or try the steps below:

  1. Turn off the machine immediately and then go here
  2. Use this tool if your files are already encrypted and you are stuck

Page Updated June 2014:  Cryptolocker and Cryptowall problems are re-surfacing and are a huge threat.  Our SPAM prevention partners are seeing a LOT of activity and are working at filtering everything out.  The latest reports show fake faxes and voice-mail messages as the source of this infection. BACKUP and PROTECT your computer:

  1. Corporate clients: Preventive measures will be deployed using group policy, but it can’t hurt to re-run this simple file, hit apply and reboot (you can say no to the first 2 options asking about their paid-for version). Please do this on your home computers and pass it on to friends and family. Most of you are protected from our last round of updates, but again, it can’t hurt to re-run this simple file and reboot your computer
  2. BACKUP your computer – use a local drive (then disconnect it from the computer just to be safe) and use an online backup provider (see below)
  3. BE CAREFUL what you open and click on in emails – especially links and attachments.  This rule applies even with senders you are familiar with; they could be sending malware or have a hacked account and not know it.  Review EVERY email before you click on a link or open an attachment.
  4. Feel free to submit a ticket if you need any help or contact your dedicated support person

Read the latest update on this threat:

http://blogs.appriver.com/Blog/bid/102886/Faux-Faxes-Carry-New-CryptoLocker

threatpost.com/rig-exploit-kit-pushing-cryptowall-ransomware/106540

CryptoLocker is Trojan horse malware which surfaced in late 2013, a form of ransomware targeting computers running Microsoft Windows. CryptoLocker disguises itself as a legitimate attachment; when activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware’s control servers. The malware then displays a message which offers to decrypt the data if a payment (through either Bitcoin or a pre-paid voucher) is made by a stated deadline, and says that the private key will be deleted and unavailable for recovery if the deadline passes. If the deadline is not met, the malware offers to decrypt data via an online service provided by the malware’s operators, for a significantly higher price in Bitcoin. Although CryptoLocker itself is readily removed, files remain encrypted in a way which researchers have considered infeasible to break, with some suggesting paying the ransom as the only effective way to recover files that had not been backed up.
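Because the malware also reaches mounted network drives, a backup drive that was still connected can end up holding encrypted copies. The script below is an added example, not part of the original page or any tool it links to: it spot-checks a backup folder by confirming that common document types still begin with their usual signature bytes, which encrypted content will not. The file names and contents in `demo()` are constructed for illustration.

```python
"""Spot-check a backup folder for files whose content no longer matches their type."""
import os
import sys
import tempfile

# Leading signature bytes ("magic numbers") for common document formats.
SIGNATURES = {
    ".pdf": [b"%PDF"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".docx": [b"PK\x03\x04"],
    ".xlsx": [b"PK\x03\x04"],
    ".zip": [b"PK\x03\x04", b"PK\x05\x06"],
    ".doc": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],
    ".xls": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],
}

def check_backup(root):
    """Return (checked, suspects): files compared and paths with a bad header."""
    checked, suspects = 0, []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            expected = SIGNATURES.get(os.path.splitext(name)[1].lower())
            if expected is None:
                continue  # unknown type: nothing to compare against
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
            except OSError:
                suspects.append(path)  # an unreadable backup file is also a finding
                continue
            checked += 1
            if not any(head.startswith(sig) for sig in expected):
                suspects.append(path)
    return checked, sorted(suspects)

def demo():
    """Constructed sample backup: two intact files, one scrambled, one untracked type."""
    root = tempfile.mkdtemp()
    samples = {"invoice.pdf": b"%PDF-1.4\n...", "logo.png": b"\x89PNG\r\n\x1a\n....",
               "budget.xlsx": b"\x8f\x1c\x02\xe7random-looking bytes", "notes.txt": b"hi"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return check_backup(root)

if __name__ == "__main__":
    checked, suspects = check_backup(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print(f"checked {checked} files, {len(suspects)} suspect")
    for path in suspects:
        print("  header mismatch:", path)
```

Run it with the backup folder as the only argument. Files with an extension not in the table are skipped, so also compare the number of files checked against what you expect the backup to contain.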

How To Protect Yourself

  1. First – back up your system right away! Either locally using an external drive (then unplug it from your system) or using an online service like crashplan.com
  2. Second – make sure you are backed up – if you get infected it could cost you hundreds to get your data back or it might be gone forever
  3. Install malwarebytes anti-malware free by using this link –> http://ninite.com/malwarebytes/ninite.exe –> download the file and run it, it will auto install the program.  Then go to the “protection” tab and activate the trial.  We suggest buying the full version of this software.  Once you start with the paid product, you should keep it.  Buying the business license here: https://store.malwarebytes.org/342/purl-Corporate is only 25 bucks per license but they will renew it next year automatically (something they won’t do if you buy the more expensive version)
  4. Install this program http://moonrivers.com/files/cryptorevent.exe –> download –> run –> hit OK –> hit apply and then reboot –> This one is simple and easy
  5. Contact us at www.moonrivers.com/help if you need assistance or email help@moonrivers.com
For step 3:

Save and run the link for the installer.  It will start the install process and notify you when it is done.  When finished, you will have the new application on your desktop and in program files.  Run the new application, update the database when it prompts you by saying OK, and this will bring you to the main screen.  Click on the protection tab and start the trial.


For step 4:

Click the link and save it, then run it and hit OK when prompted.  Then hit apply and reboot when convenient.

 

 

More information on the threat:

 
