CERT Updates CryptoLocker Ransomware Alert
Posted by: Erick Russell
November 14, 2013
This year, US-CERT (the United States Computer Emergency Readiness Team) identified a malware campaign titled CryptoLocker, and last week, it updated the alert on this malware. (https://www.us-cert.gov/ncas/alerts/TA13-309A) CryptoLocker is a new version of ransomware that restricts access to infected computers and “demands” that the victims pay “ransom” to the attackers in order to have their files decrypted and recovered.
If a user or administrator believes that it may have been infected with ransomware, US-CERT and the Department of Homeland Security recommend ignoring the demands for payment and reporting the incident to the Federal Bureau of Investigation at the Internet Crime Complaint Center (IC3). US-CERT also suggests taking steps to mitigate the infected system once CryptoLocker malware is detected, including immediately disconnecting the system from the wireless or wired network, consulting with a reputable security expert to assist in removing the malware, and changing all passwords after the malware is removed.