Our customers have asked us a number of questions about a nasty ransomware Trojan that has been making the rounds since early September. We wanted to let you know a bit more about Cryptolocker and how Sophos protects you against it.
Our SophosLabs threat experts first spotted Cryptolocker (detected as Troj/Ransom-ABV) on September 6, and we have been actively protecting against this threat since September 10.
We also updated our detection as of October 9, based on the latest samples we received. We detect these threats as Troj/Ransom-ACP and Mal/Ransom-BW. You can find out more about Cryptolocker in the detailed analysis posted by SophosLabs.
On October 10, we were contacted by a concerned Sophos customer about a thread in the Spiceworks Community regarding Cryptolocker. We put together this FAQ to give you answers to some common questions.
How can I protect myself from Cryptolocker?
Make sure that your computer(s) are running the latest version of our software. Keep your Sophos software up to date with identity files, and configured for best protection. In this case, make sure you have HIPS turned on to stay protected from file cryptors proactively.
Also, keep in mind that this threat is an urgent reminder of the importance of backup. With Cryptolocker, the encrypted files cannot be recovered and sadly, it does not look as though the bad guys made any cryptographic mistakes.
Does Sophos Endpoint Security protect my computer from Cryptolocker?
Yes, but malware writers are constantly updating and releasing new variants and families. You must stay fully up to date with the latest Sophos releases. For more information on how to most effectively deploy Sophos Endpoint, read our knowledgebase article to get best practices advice from our Support team.
How do I remove ransomware once detected?
If your Sophos solution has a Trojan or virus in quarantine that you want to get rid of, read this knowledgebase article on how to remove Trojans, worms, viruses, and other malware with Sophos Anti-Virus.
Can I send you a sample?
Yes, please send us samples at firstname.lastname@example.org. The more samples we get, the better we can keep our detections updated. You can also go to our knowledgebase article on how you can submit samples via email or directly through our website.
How can I learn more about ransomware?
Check out this knowledgebase article on ransomware created by our stellar Support team. You can also download our recent whitepaper on ransomware (registration required). Follow our Support team on Twitter at @SophosSupport to get the latest developments. And join our community on Spiceworks.
We’ll always try to reassure you when you see something alarming like this.
[UPDATE 17 Oct] Our Support team created this short video that shows you how Cryptolocker works, and how Sophos works to block this threat.