Think before following the prompts!1st May 2015
Once again one of our clients has been infected by a new version of crypto locker ransomware. The infection process begins with a genuine looking email claiming to be from Australia Post. The user is asked to “view information” then enter a code and then download a .zip file. When the user opens the .zip file they will infect all their accessible data drives. These steps are designed to circumvent firewalls, anti-malware software and anti-spam appliances.
Within an hour it can encrypt more than 40000 files. There is no known way of unencrypting the files. The only recovery option is a restore from backup.
This is a long post but I thought it important to include screen shots of the steps users are following to get infected. As you can see, the screens look legitimate.
Please – think before following the prompts!