The purpose of this virus alert is to inform and educate you, as well as encourage you to remain vigilant against malware. We continue to experience isolated incidents of CryptoLocker and its variants, a type of virus known as “ransomware”. To learn more about CryptoLocker and ransomware please reference our previous blog post here:
As mentioned in the above-referenced blog post, here’s steps you can take to protect yourself:
- Never open email attachments from unknown senders. Keep in mind that the people who create these emails are crafty. They are often carefully constructed to appear as if they came from legitimate businesses or vendors.
- Don’t follow links received in SPAM emails from unknown senders.
- Back up your data.
- Keep your antivirus and antimalware software updated. We recommend Webroot and MalwareBytes as a solid deterrent. Please be aware that no preventative platform is foolproof.
How do you know if you’ve been infected?
- You are unable to open files and/or files appear to be corrupted. This may occur on your local hard drive or on network shares if the infection has spread beyond a local machine.
- File extensions are changing from what they should be (.doc, .pdf, .xls) to .encrypted, .cryptolocker, or .[random characters].
- A HELP_DECRYPT file has appeared in each folder where files have been encrypted.
- A ransom screen may appear informing you that your personal files have been encrypted.
What do you do if you suspect an infection?
- Immediately disconnect your computer from your wired and/or wireless network. This will prevent it from further encrypting any files.
- Call SisAdmin at 425-482-1919 to report the infection ASAP.