CryptoLocker and CryptoWall Service Notification

We wanted to give you an update since our last communication regarding the CryptoLocker and CryptoWall malware infection.

First, it appears that some security researchers were able to break into the main CryptoLocker database and retrieve the keys needed to decrypt the files. They have released this information to the public, so people can decrypt their files without paying the ransom. We are investigating whether this release is safe to use and whether it will work. This applies only to the CryptoLocker malware and not to the new variant, CryptoWall, which has a stronger encryption method. More information below:

Second, internally, we have been developing and testing several different methods to enhance our managed services tools to minimize the damage CryptoLocker/CryptoWall can do to your network. One solution is currently being tested in our beta group and, provided that goes well, we will deploy it to all of our managed services clients. If you have an AssistIT or SimplifyIT agreement, this will be pushed out to your network automatically within the next 1 – 2 weeks. If you do not have one of these agreements, we could manually push this preventative measure out through a group policy on your network. Labor to do this would be 2 – 3 hours. Note that this method will likely not save the infected workstation from being encrypted, but in most cases it will prevent the infection from spreading to your file server and other shared data repositories, where the real damage is done.

On a separate topic, the BBC has also released an announcement that a Russian gang hacked 1.2 billion usernames and passwords. More information on the details can be found in the link below:

Due to this new information, we highly recommend that you change your passwords for all banking and financial websites and for any other cloud-based services you use that contain sensitive information. As a routine protective measure against hackers in general, we recommend as a best practice that you implement a password-change policy for your own network that requires users to change their passwords every 60 – 90 days. We also recommend that the passwords be complex in nature (i.e., 8 characters or more in length, alphanumeric and with at least 1 special character).

As we make progress on our internal preventative measure against this type of malware and validate the keys to decrypt files, we will send out another update. If you would like our help with developing a password policy for your network or have any questions, please contact your Account Manager at 203-744-2274:

X132 Jennifer Driscoll
X137 Michael Mayer
X141 Macki Mongillo
X164 Will Hatcher
