There is a virus doing the rounds called CryptoLocker currently . More can be found – https:\/\/en.wikipedia.org\/wiki\/CryptoLocker<\/a><\/em><\/p> Putting it briefly, this virus is downloaded onto a computer usually by a fake email attachment or through a website popup. Once downloaded and run by accident , it starts encrypting all the company data on shared drives automatically and once completed will Ransom the data with an undisclosed amount to be paid anonymously. The only way to restore from this will be a restore from the backups the night before.<\/em><\/p> Please be vigilant with any emails you open from third parties you are not expecting and more importantly Message Attachments opened, below are some example of Email Message Spoofs\u2019<\/em><\/p> <\/p> —–Original Message—–<\/em> All employees need to have on file this form STD 261 (attached). The original is retained by supervisor and copy goes to Accounting. Accounting need this form to approve mileage reimbursement.<\/em><\/p> The form can be used for multiple years, however it needs to re-signed annually by employee and supervisor.<\/em><\/p> Please confirm all employees that may travel using their private car on state business (including training) has a current STD 261 on file. Not having a current copy of this form on file in Accounting may delay a travel reimbursement claim.<\/em><\/p> <\/p> Auspost <\/u><\/strong><\/em><\/p> Each computer became infected after opening an EMAIL from AUSTRALIA POST (or AUSPOST), with a subject line such as:<\/em><\/p> Subject: An agent was unable to redeem the parcel to your place for the reason: receiver was absent<\/em><\/p> There have been many different subject lines but they commonly want you to click on an attachment or a link such as \u201cDown Load Shipping Label\u201d<\/em><\/p> More info here: http:\/\/auspost.com.au\/about-us\/scam-email-warning.html<\/a><\/em><\/p> TNT Courier <\/u><\/strong><\/em><\/p> <\/p> <\/p> <\/p> <\/p> <\/p> <\/p> <\/p> <\/p> Australian Federal Police<\/u><\/strong><\/em><\/p> Sample email:<\/em><\/p> <\/p> <\/p> <\/p> <\/p> <\/p> <\/p> <\/p> <\/p> <\/p> <\/p> <\/p> ————————————————————– Another<\/p> <\/p> CryptoLocker<\/strong> is a ransomware trojan which targeted computers running Microsoft Windows. CryptoLocker propagated via infected email attachments, usually in Scripts<\/strong> (filename.bat<\/em>)<\/strong>, Word (filename.doc<\/em> \/ .docx)<\/strong>, Excel (filename.xls \/ .xlsx<\/em>)<\/strong>, Zip (filename.zip \/ .rar<\/em>)<\/strong> or Executable files (filename.exe<\/em>)<\/strong>.<\/p> <\/p> CryptoLocker encrypts files across local hard drives and mapped network drives. The process encrypts data files with certain extensions, including Microsoft Office, OpenDocument, and other documents, pictures, and database files. These files are then locked up and render inaccessible. Once it has done enough damage you will get a pop-up message similar to below:<\/p> Although CryptoLocker itself is readily removed, files remained encrypted in a way which many considered unfeasible to break. Many said that the ransom should not be paid, but did not offer any way to recover files; others said that paying the ransom was the only way to recover files that had not been backed up. Some victims claimed that paying the ransom did not always lead to the files being decrypted.<\/p> Since CryptoLocker has many version and has been evolving till date. It has been known to infect PCs even with up-to-date antivirus due to a term called \u201cZero-day malware\u201d which means a brand new variant that is not discovered by security companies.<\/p> \u201cA\u00a0zero<\/strong>–day<\/strong>\u00a0virus (also known as\u00a0zero<\/strong>–day malware<\/strong>\u00a0or next-generation\u00a0malware<\/strong>) is a previously unknown computer virus or other\u00a0malware<\/strong>\u00a0for which specific antivirus software signatures are not yet available. Traditionally, antivirus software relies upon signatures to identify\u00a0malware<\/strong>.\u201d<\/p> However, we can avoid getting caught from such infection as most of them comes in the following email form:<\/p> Below is an example Email which may contain CryptoLocker infection. This email does not come with any attachment however it has a few hyperlinks which is tempting users to click on in order to execute an attack from external source. Please pay attention to the red boxes for tips:<\/p> <\/p> (https:\/\/www.agl.com.au\/<\/a>)<\/p> <\/p> This is an example fake hyperlink created which actually goes to a completely different site. For this experiment I have embeded https:\/\/www.google.com.au<\/a> on a https:\/\/www.agl.com.au<\/a> text.<\/p> \u00a0<\/p> I hope you find this informative and please pass on the message to everyone to help keep our network a safer environment.<\/p> <\/p> Below are a few more example emails and variations that disguised as potential CryptoLocker infection.<\/p> \u00a0<\/p>","protected":false},"excerpt":{"rendered":" Useful email to send out to users to stop them click on Crypto Links Hello,There is a virus doing the rounds called CryptoLocker currently . More can be […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[1419],"class_list":["post-1959","post","type-post","status-publish","format-standard","hentry","category-random","tag-cyrpto-email"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/1959","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=1959"}],"version-history":[{"count":3,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/1959\/revisions"}],"predecessor-version":[{"id":2191,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/1959\/revisions\/2191"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=1959"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=1959"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=1959"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
From: John Doe [mailto:John@mydomain.com<\/a>]<\/em>
Sent: Tuesday, October 15, 2013 10:34 AM<\/em>
To: Jane Doe<\/em>
Subject: Annual Form – Authorization to Use Privately Owned Vehicle on State Business<\/em><\/p>![\"tnt\"](\"http:\/\/pariswells.com\/blog\/wp-content\/uploads\/2016\/04\/tnt-264x300.png\")
<\/em><\/p>![\"fed\"](\"http:\/\/pariswells.com\/blog\/wp-content\/uploads\/2016\/04\/fed-279x300.jpg\")
<\/em><\/p><\/p>
![\"\"](\"http:\/\/pariswells.com\/blog\/wp-content\/uploads\/2016\/09\/img_57d1eb3d2be30.png\")
<\/p><\/p>
![\"\"](\"http:\/\/pariswells.com\/blog\/wp-content\/uploads\/2016\/09\/img_57d1eb2e3430e.png\")
<\/p>![\"\"](\"http:\/\/pariswells.com\/blog\/wp-content\/uploads\/2016\/09\/img_57d1eb2802419.png\")
<\/p>![\"\"](\"http:\/\/pariswells.com\/blog\/wp-content\/uploads\/2016\/09\/img_57d1eb239e04b.png\")
<\/p><\/p>