Information regarding the Cryptolocker ransomware Trojan making the rounds

Our customers have asked us a number of questions about a nasty ransomware Trojan that has been making the rounds since early September. We wanted to let you know a bit more about Cryptolocker and how Sophos protects you against it.

Our SophosLabs threat experts first spotted Cryptolocker (detected as Troj/Ransom-ABV) on September 6, and we have been actively protecting against this threat since September 10.

We also updated our detection as of October 9, based on the latest samples we received. We detect these threats as Troj/Ransom-ACP and Mal/Ransom-BW. You can find out more about Cryptolocker in the detailed analysis posted by SophosLabs.

On October 10, we were contacted by a concerned Sophos customer about a thread in the Spiceworks Community regarding Cryptolocker. We put together this FAQ to give you answers to some common questions.

Cryptolocker encrypts a victim's files and demands a ransom.


How can I protect myself from Cryptolocker?

Make sure that your computers are running the latest version of our software. Keep your Sophos software up to date with identity files and configured for best protection. In this case, make sure you have HIPS turned on to stay proactively protected from file cryptors.

Also, keep in mind that this threat is an urgent reminder of the importance of backups. With Cryptolocker, the encrypted files cannot be recovered and, sadly, it does not look as though the bad guys made any cryptographic mistakes.

Does Sophos Endpoint Security protect my computer from Cryptolocker?

Yes, but malware writers are constantly updating and releasing new variants and families. You must stay fully up to date with the latest Sophos releases. For more information on how to most effectively deploy Sophos Endpoint, read our knowledgebase article to get best practices advice from our Support team.

How do I remove ransomware once detected?

If your Sophos solution has a Trojan or virus in quarantine that you want to get rid of, read this knowledgebase article on how to remove Trojans, worms, viruses, and other malware with Sophos Anti-Virus.

Can I send you a sample?

Yes, please send us samples at samples@sophos.com. The more samples we get, the better we can keep our detections updated. You can also go to our knowledgebase article on how you can submit samples via email or directly through our website.

How can I learn more about ransomware?

Check out this knowledgebase article on ransomware created by our stellar Support team. You can also download our recent whitepaper on ransomware (registration required). Follow our Support team on Twitter at @SophosSupport to get the latest developments. And join our community on Spiceworks.

We’ll always try to reassure you when you see something alarming like this.


[UPDATE 17 Oct] Our Support team created this short video that shows you how Cryptolocker works, and how Sophos works to block this threat.
