It has come to our attention that a particular style of virus infection known as Cryptolocker is raising in profile across the internet, and we suggest that as a matter of urgency your staff are made aware of this threat. We have recently had several users infect their networks/servers with this virus, which has caused significant disruption to operations.
We suggest advising your staff members who use email within your organization of this issue.
How do you become infected with CryptoLocker
The infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Energy Australia, Australia Post, NAB, DHL, etc. These emails would contain a link to an invoice website or an attachment that when opened would infect the computer.
In the most recent case we saw, the e-mail claims to come from “Energy Australia” and provides a link to a website that looks the following;
The email may also contain ZIP files and these zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people unknowingly open them.
The current list of known CryptoLocker email subjects include
Do not open any emails that look suspicious, and especially do not open any attachments or click on any links to websites on emails you are unsure about.
If you are suspicious then do an online search for the subject line or some of the text in the email. If the email is a hoax or virus your search results will soon return websites confirming it.
If you are still unsure please send a request email to firstname.lastname@example.org or call us on 1300 732 810.
(Never forward suspicious emails to anyone including Support as you may not only infect others but the email may never arrive if various email systems quarantine the forward).