Our customers have asked us a number of questions about a nasty ransomware Trojan that has been making the rounds since early September. We wanted to let you know a bit more about Cryptolocker and how Sophos protects you against it.
Our SophosLabs threat experts first spotted Cryptolocker (detected as Troj/Ransom-ABV) on September 6, and we have been actively protecting against this threat since September 10.
We also updated our detection as of October 9, based on the latest samples we received. We detect these threats as Troj/Ransom-ACP and Mal/Ransom-BW. You can find out more about Cryptolocker in the detailed analysis posted by SophosLabs.
On October 10, we were contacted by a concerned Sophos customer about a thread in the Spiceworks Community regarding Cryptolocker. We put together this FAQ to give you answers to some common questions.
How can I protect myself from Cryptolocker?
Make sure that your computers are running the latest version of our software. Keep your Sophos software up to date with the latest identity files and configured for best protection. In this case, make sure you have HIPS turned on so that you are proactively protected against file cryptors.
Also, keep in mind that this threat is an urgent reminder of the importance of backups. With Cryptolocker, the encrypted files cannot be recovered, and sadly it does not look as though the bad guys made any cryptographic mistakes.
Does Sophos Endpoint Security protect my computer from Cryptolocker?
Yes, but malware writers are constantly updating and releasing new variants and families. You must stay fully up to date with the latest Sophos releases. For more information on how to most effectively deploy Sophos Endpoint, read our knowledgebase article to get best practices advice from our Support team.
How do I remove ransomware once detected?
If your Sophos solution has a Trojan or virus in quarantine that you want to get rid of, read this knowledgebase article on how to remove Trojans, worms, viruses, and other malware with Sophos Anti-Virus.
Can I send you a sample?
Yes, please send us samples at samples@sophos.com. The more samples we get, the better we can keep our detections updated. You can also go to our knowledgebase article on how you can submit samples via email or directly through our website.
How can I learn more about ransomware?
Check out this knowledgebase article on ransomware created by our stellar Support team. You can also download our recent whitepaper on ransomware (registration required). Follow our Support team on Twitter at @SophosSupport to get the latest developments. And join our community on Spiceworks.
We’ll always try to reassure you when you see something alarming like this.
[UPDATE 17 Oct] Our Support team created this short video that shows you how Cryptolocker works, and how Sophos works to block this threat.