Cryptolocker – Virus Alert

Posted: Friday, October 11, 2013

Author: Guy Hocking

Back in January a piece of malware (specifically a type known as ransomware) hit the IT world under the name Cryptolocker.

One of our engineers, Sean Carey on the Utilize remote support desk, has recently discovered that there is a new variant of Cryptolocker and it isn’t showing any signs of letting up.

Sean Carey reports: “We have noticed that a handful of customers are having issues with some files on the network becoming encrypted, which we currently believe is related to the infection of this Cryptolocker variant”. Sean states: “The piece of ransomware installs itself as a piece of software similar in look to the below.

The term ransomware comes from the fact that payments of $100 were originally demanded to decrypt files. The latest variant we are seeing is $300”. Decrypting Cryptolocker files requires the private key that pairs with the public key used to encrypt them. Until AV vendors or the relevant authorities get hold of that second key, the NSA may be the only people around who can reverse the process. Researchers from a number of antivirus vendors are also working on a way to undo the damage.
Utilize customers with successful backups will be able to restore previous versions of the files, and Utilize will assist wherever necessary to isolate any infected machines. However, those who have been infected and do not have a good set of backups currently have no option other than to pay the “ransom”, which, from what we have seen, amazingly does reverse the encryption of the files (although it is generally not considered a good idea to give in to the bad guys).

Utilize AIM pro-active monitoring software (if clients have it included in their contract) will pick up on any failed backups, abnormal network activity or failed anti-virus updates on the servers. However, we ask customers to pay particular attention to any anti-virus errors or issues, especially on laptops used away from the network. Provided anti-virus software is up to date and relevant gateway security is in place (such as the Ignite Managed Firewall Service), new infections should be minimal. All AV vendors have, however, admitted that they were not quick off the mark in picking up this new variant, so it may already have infected client machines.
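As an added illustration of the monitoring signals named above (failed backups, failed anti-virus updates and abnormal file activity on the network), the following Python script is an example written for this page, not Utilize's or AIM's own code. The log format, the thresholds and the sample log lines are all constructed assumptions. It triages a handful of constructed monitoring events and then applies a byte-entropy heuristic that tells a readable document apart from content that looks like ciphertext, which is one quick check an administrator can run when deciding whether "files on the network becoming encrypted" is what they are looking at.

```python
import hashlib
import math
from collections import Counter

# Constructed sample of monitoring events. The "timestamp key=value ..." layout
# is an assumption for this example, not the format of any real product.
SAMPLE_LOG = """\
2013-10-10 22:05:11 host=FS01 source=backup status=OK job=nightly
2013-10-10 22:40:02 host=FS02 source=backup status=FAILED job=nightly reason=destination_unreachable
2013-10-11 07:00:00 host=LT-SALES3 source=antivirus status=FAILED event=definition_update age_days=9
2013-10-11 07:00:05 host=FS01 source=antivirus status=OK event=definition_update age_days=0
2013-10-11 08:12:44 host=FS01 source=fileaudit status=INFO event=modified count=1432 user=jsmith window_min=5
"""

MAX_DEFINITION_AGE_DAYS = 3   # assumption: AV definitions older than this are stale
MASS_MODIFY_COUNT = 500       # assumption: this many files changed ...
MASS_MODIFY_WINDOW_MIN = 10   # ... inside this window is not normal user activity


def parse_line(line):
    """Turn 'YYYY-MM-DD HH:MM:SS key=value ...' into a dict of string values."""
    parts = line.split()
    if len(parts) < 3:
        return None
    record = {"ts": parts[0] + " " + parts[1]}
    for token in parts[2:]:
        key, _, value = token.partition("=")
        record[key] = value
    return record


def triage(log_text):
    """Return (host, rule) pairs for events that warrant a call to the customer."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        src, status = rec.get("source"), rec.get("status")
        if src == "backup" and status == "FAILED":
            # No good backup means no restore path if this host is hit.
            alerts.append((rec["host"], "backup_failed"))
        elif src == "antivirus":
            age = int(rec.get("age_days", 0))
            if status == "FAILED" or age > MAX_DEFINITION_AGE_DAYS:
                alerts.append((rec["host"], "antivirus_stale"))
        elif src == "fileaudit" and rec.get("event") == "modified":
            count = int(rec.get("count", 0))
            window = int(rec.get("window_min", 0))
            if count >= MASS_MODIFY_COUNT and window <= MASS_MODIFY_WINDOW_MIN:
                # A single user touching hundreds of files in minutes is the
                # pattern a bulk-encrypting process leaves behind.
                alerts.append((rec["host"], "mass_file_modification"))
    return alerts


def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for empty or single-valued input, 8.0 at most."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_encrypted(data, threshold=7.5):
    """Heuristic only: ciphertext sits near 8 bits/byte, plain documents well below.
    Compressed formats (zip, jpeg, office files) also score high, so a hit is a
    reason to inspect the file, not proof that it has been encrypted."""
    return shannon_entropy(data) >= threshold


# Constructed sample contents: a readable document versus key-stream-like bytes
# (SHA-256 output is used as a deterministic stand-in for ciphertext).
PLAINTEXT_SAMPLE = b"Quarterly sales figures for the northern region. " * 80
CIPHERTEXT_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

if __name__ == "__main__":
    for host, rule in triage(SAMPLE_LOG):
        print(f"ALERT {rule:<24} host={host}")
    for name, blob in (("document", PLAINTEXT_SAMPLE), ("unknown", CIPHERTEXT_LIKE)):
        print(f"{name}: entropy={shannon_entropy(blob):.2f} looks encrypted? {looks_encrypted(blob)}")
```

Run against the constructed log the script raises three alerts (the failed backup on FS02, the stale anti-virus on the laptop, and the burst of modifications on FS01) and reports the document sample at roughly 4 bits per byte against close to 8 for the ciphertext-like sample. Thresholds are starting points; tune them against what normal activity on your own network looks like before relying on them.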

If you are concerned or you have seen messages or software on your network similar to the above please call your Utilize account manager or Utilize service on 0333 006 9060 and we can ensure your network is as protected as it can be against this new threat.
