New cyberthreats (including CryptoLocker Ransomware)
The FBI and the National Cybersecurity and Communications have identified new computer malware threats and recommend that, “organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event.” Destructive malware is a direct threat to your daily operations. Because of the increasing sophistication of malware, anyone (employee, client, volunteer, student) who is on your network could trigger an infection affecting everyone. Organizations should work to develop a culture of safe computing.
- The publication, Planning and Recommended Guidance: Destructive Malware is technical, but it is a good guide for techies. Please pass it on to your IT departments and/0r consultants to assist them to protect you, your data, your credit and your reputation.
- The National Cyber Awareness System reports outbreak of “ransomware” that restricts access to infected computers and demands a payment to to decrypt and recover your files (see CryptoLocker Ransomware Infections for more information and how to undo the damage). The latest means of infection appears to be phishing emails designed to mimic the look of legitimate businesses and through phony FedEx and UPS tracking notices. Some victims saw the malware appear following after a previous infection from existing botnets lurking on infected computers.
- Do not follow unsolicited web links in email messages or submit any information to webpages in links.
- Use caution when opening email attachments. Refer to Using Caution with Email Attachments for more information on safely handling email attachments.
- Maintain up-to-date anti-virus software.
- Perform regular backups of all systems to limit the impact of data and/or system loss.
- Apply changes to your Intrusion Detection/Prevention Systems and Firewalls to detect any known malicious activity.
- Secure open-share drives by only allowing connections from authorized users.
- Keep your operating system and software up-to-date with the latest patches.
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
- Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
US-CERT and DHS encourage users and administrators experiencing a ransomware infection NOT to respond to extortion attempts by attempting payment and instead to report the incident to the FBI at the Internet Crime Complaint Center (IC3).
- CryptoLocker Virus: New Malware Holds Computers For Ransom, Demands $300 Within 100 Hours And Threatens To Encrypt Hard Drive
- CryptoLocker Wants Your Money!
- CryptoLocker ransomware – see how it works, learn about prevention, cleanup and recovery
- Microsoft Support – Description of the Software Restriction Policies in Windows XP
- Microsoft Software Restriction Policies Technical Reference – How Software Restriction Policies Work
- CryptoLocker Ransomware Information Guide and FAQ
For more tips about cybersecurity, check out the following non-technical publications: