Cryptolocker Virus, AFP Imposter Warning

Home / Blog / Latest Cybersecurity Threats / Cryptolocker Virus, AFP Imposter Warning
Cryptolocker Virus, AFP Imposter Warning

CryptoLocker has been gaining its infamous reputation since it was first introduced in 2013 by “kidnapping” important files for a ransom.

CryptoLocker propagated through infected email attachments or links, and when activated, the malware encrypts certain types of files stored on local and mounted network drives, with the private key stored only on the malware’s control servers. The malware then displays a message which offers to decrypt the data if a payment is made by a stated deadline, and threatened to delete the private key if the deadline passes. If the deadline is not met, the malware offered to decrypt data via an online service provided by the malware’s operators, for a significantly higher price.

Although CryptoLocker itself is readily removed, files remained encrypted in a way which researchers considered infeasible to break. Many said that the ransom should not be paid, but did not offer any way to recover files; others said that paying the ransom was the only way to recover files that had not been backed up. Some victims claimed that paying the ransom did not always lead to the files being decrypted.

Most recent scams include the fake email as Australian Federal Police and unsuspecting innocents are falling to be the victims.

<Sample Email>
Fake AFP email sample

What to do…

  1. Generally, banks and government organisations will not send you emails asking for payments or personal information. If in doubt, contact them directly.
  2. DO NOT open the attachments or click on the link unless you know where they are from for the reasons you are aware of.
  3. DO NOT attempt to make a payment or provide your personal details online when you are asked to, unless you are 100% sure of the source.
  4. Back up your business data every day.