CryptoLocker
Posted: Thu Sep 18, 2014 8:19 am
I just saw my first CryptoLocker infection on a client's computer.
They couldn't get into our software because the setup.dbf and station.dbf had become trashed (as far as we could tell). We got onto their system remotely, and I started to investigate file sizes, dates, etc. While looking at things in date order, I noticed 3 files, .html, .txt and .url, all named decrypt_instructions.
I used Notepad to look at them and saw they were CryptoLocker instructions.
I advised the client that his network and computers were unusable at this time and to turn off and disconnect all machines on the network and call in someone local to review the situation...
We use strange extensions for most of our data files, and those didn't seem to be hit by the malware (yet).