Many viruses are embedded in email attachments designed to get through even multiple layers of security. CryptoLocker is one of the worst viruses seen in years, and it only takes ONE message getting through to cause a lot of damage. The “bad guys” have developed sophisticated techniques to get around your antivirus protection.
All users are advised to be extremely cautious when opening email attachments. Typically, the incoming email is a "spoofed" email pretending to be from a reputable source such as UPS, Xerox, ADP, Verizon, Dun and Bradstreet and others. The subjects of the emails are socially engineered to trick people into opening them. Some of the subjects include:
- Scan from a Xerox WorkCentre
- USPS - Missed package delivery
- ACH Notification ("ADP Payroll")
- Voice Message from Unknown Caller
- Corporate eFax message from "random phone #" - 8 pages
- Important - New Outlook Settings
- Dun & Bradstreet Case Number
As you can see from these subjects, during a busy workday it would be very easy to quickly open one of these emails and open the attachment. You may think the email is for you (from your scanner, eFax, or service provider), or perhaps a curious employee would be enticed to peek at a confidential file. The problem is that by opening the email, even with antivirus protection in place, you have effectively opened the door for the virus directly.
When CryptoLocker is launched, your files will be encrypted (including files on mapped drives). A while later, after the damage is done, you'll see a pop-up warning asking for a payment to restore your files. We strongly advise against paying the ransom. You would be giving money directly to criminals and only encouraging them to do more damage. Instead, we advise cleaning the system and restoring files from a good backup (make sure you have a solid backup!).
Slow down and carefully check out the emails before opening them. For example, you may use an eFax service or scan with a Xerox scanner, but the subjects are usually a bit off if you look closely. Also, Microsoft never sends unsolicited mail.
Spam filtering, antivirus protection, and perimeter security all help, but it only takes one message to get through and create a LOT of damage. When you open the email attachment, it's effectively like letting the thief in the front door after the doorbell rings.
Please help spread the word to all users in your organization. Education is the first line of defense for all security.