We all receive numerous emails warning us of the dangers associated with clicking on links within emails from parties we are not familiar with. Unfortunately, many of those links are shrouded within advertisements or other seemingly beneficial statements which entice us to view that great promotional offer or track that Amazon product shipment we know we had ordered a few days back.

International scammers are sending millions of emails every day that look like courtesy messages from companies we know and conduct business with. These include shipping companies like UPS, FedEx, and USPS with the intention of spreading variants of the ransomware called Cryptolocker. Many unsuspecting recipients of the e-mails are unfamiliar with what ransomware is and why they should even care about the nature of this malware.

Simply put: Ransomware is a piece of malicious software that prevents you from using your computer until you pay a designated amount of money or what we all know to be “ransom”. It’s a form of extortion that uses the data on your computer as hostage until you agree to pay the criminal at the source of the request.

Cryptolocker works by encrypting all the files on your computer or on a network attached drive share or location — this can include photos, important documents, database files etc. — anything you’ve saved to that hard drive or other shared folder location. Once these files are encrypted you are unable to open them without the encryption key which is provided to you by the criminal mind behind the Cryptolocker source program.

After Cryptolocker has encrypted your files it will generate and display a message similar to this image to the right.

The criminals will generally demand payment through an anonymous payment system such as Bitcoin and will promise to provide the decryption assuming you pay the ransom within the allotted time.

The downside is that once Cryptolocker has encrypted your files there is absolutely no way to recover them unless you receive the decryption key.  Can anyone be guaranteed that the criminal will honor your payment and provide it? Frankly, it is not worth taking the chance.

Our clients have asked us: What can we do to protect ourselves against this threat and how can we recover in the event we are impacted by a Cryptolocker infection?


The following are best practices for preventing and or recovering from such a ransomware event:

  • Have a consistent backup plan in place to protect vital information assets in the event of unintended or malicious destruction or loss of critical files.
    ATG can develop a comprehensive backup and recovery model providing for both onsite and offsite backup and retention of files, folders and complete system images for ready recovery.
  • Do not open file attachments containing nested extension names –  Frequently cyber-thieves will try to make an attached file appear harmless by using an extension like .pdf or .jpg in the file name. The attachment may have a name like – tax_return.pdf.exe. Remember: This type of file is NOT a PDF file. It’s an EXE or executable file and is likely a virus.
  • Instead of simply clicking on a link in an email we suggest you mouse-over that link to see whether it is likely a legitimate address. If you have not visited that site before or it appears to be a combination of names that incorporate a legitimate company name we would suggest NOT clicking on that link.