What is a Cryptolocker Ransomware Virus?
There has been a virus attack which took place on Friday 14th May and was a Crypto Locker virus. A Cryptolocker virus is a Trojan horse which misleads users and disguises its true intent. This Trojan horse will infect your computer and encrypt your files and are locked. There are only two keys, one is a public key which is used by the hackers to encrypt your data and the other is a private key. The private key is used to decrypt the files and this is the key that is used as a ransom since the victim is told they need to pay a certain amount to get the private key to restore their data otherwise the hackers will destroy the victim’s data.
Common Methods of Infection
Traditionally the most common method is through downloading attachments from emails that are disguised as familiar file type such as *.doc but have an *.exe extension which is hidden. Once this has been downloaded, it opens and activates the virus but your machine will appear to run normally until all files have been encrypted. One other way is through download prompts on websites for plug-ins which operate in the same way the aforementioned does. The Trojan horse can not replicate itself which is why the methods mentioned are all downloads.
Who Were Affected?
Reported in the news, the ransomware attack has hit many different companies including the Irish NHS. We were hit with the same virus on May 14th, the virus targeted our exchange servers but thanks to our practices in place for passwords and internet shutdowns, only a minor amount of servers were hit. We quickly rolled back to snapshots of the affected servers so only a very small number of emails were lost on the Friday night. After an extensive check of all our servers in our VM environment, no other servers were corrupted and all systems were operational by midnight on Friday 14th May. However, companies such as Pipeline in the USA and the Irish NHS are still without services.