Good morning,
Take extreme precautions with the emails you receive, due to a dangerous attack called CryptoLocker.
Our IT security department tells us that there is a new mass mailing that can infect computers with the 'CryptoLocker' virus.
Given its severity and how quickly the infection spreads, we thought it appropriate to inform you so that you can prevent it.
The procedure is as follows:
- A user receives an email pretending to come from Correus, stating that a package could not be delivered. Most of these emails are personalized, that is, the greeting is addressed by name to the person receiving the email.
- The email includes a link for the user to click to view the status of the shipment, or an attachment labeled "invoice".
- The infection occurs when the user opens the attachment or clicks on the link.
Why do I get infected if I have an antivirus system?
Antivirus products are necessary but cannot guarantee detection of 100% of malicious code, which is why new advanced technologies such as Insight and Sonar are constantly being developed and incorporated to complement signature-based detection.
Attacks keep changing, and new and more complex protection measures must be adopted.
How does CryptoLocker infection occur?
Through a user action. An email that is itself clean arrives, usually with a link asking the user to download a file that pretends to be an invoice or an urgent shipment. It is the user who, by clicking on the link, carries out the infecting action. It is also possible to reach a web page that tries to attack and infect your PC by looking for vulnerabilities, also called "security holes".
What are the consequences?
The files that the user tries to access, whether local or stored on the network, are encrypted, and after a few minutes or hours the user is shown a screen requesting a payment to receive the decryption key.
Why are all these emails coming?
Because the people who generate them are professionals and profit from it.
Does the antivirus detect it?
There are variants that it does NOT detect.
What if we get infected?
In most cases, it will be necessary to restore the encrypted information from the backup, recovering the files in their state before the infection. Depending on how long it takes to detect the infection, hours or days of information can be lost. There are websites that claim to be able to recover damaged files, but this is not guaranteed.