American law firm admits entire server of legal files fell victim to Cryptolocker

A small American law firm has admitted that every document on a server at the Charlotte-Mecklenburg company has fallen prey to the Cryptolocker ransomware, according to a report by local station WSO CTV.

The infection arrived via a phishing email, according to Paul Goodson, who heads the firm in North Carolina state capital Charlotte.

“It was actually an email that looked like it was coming from our phone system because our system sends voice mail messages as an attachment,” said Goodson. Opening the email led to “every single document” at the firm being encrypted, according to CSO’s report.

Goodson says his IT department tried to deal with the malware infection, but after their attempts failed, he attempted to pay the ransom ($300), but was by that point beyond Cryptolocker’s countdown timer. That has left every single document on the firm’s main server – including PDFs and Word documents – encrypted, according to Computer World’s report.

WSO TV reports that the criminals behind Cryptolocker have made $30 million from the ransomware, which greets users with messages such as, “To decrypt files, you need the private key. The single copy of the private key is on a secret server. The server will destroy the key after the time specified in this window. After that, nobody will be able to restore the files.”

“The virus also warned if you tried to tamper or decrypt anything, it was going to be permanently locked and you could never open it,” Goodson said.

TechWorld points out that Goodson’s firm is far from the only small business to fall prey to the malware:  Other recent Cryptolocker attacks in the US have included a town hall that lost eight years of documents, and even a police department that brazenly admitted to having paid $750 for two Bitcoins to buy back sensitive files locked by the Trojan. Small-town America is only slowly waking up to this remarkably effective malware’s potent threat.”

ESET’s Lysa Myers offers a guide to how to avoid infection by ransomware such as Cryptolocker, saying, “Since the beginning of September, the malware authors have sent waves of spam emails targeting different groups.  Initially emails were targeting home users, then small to medium businesses, and now they are going for enterprises as well.”

Myers says that being prepared for such attacks is the best defense, “On the one hand, ransomware can be very scary – the encrypted files can essentially be considered damaged beyond repair. But if you have properly prepared your system, it is really nothing more than a nuisance.”

Author Rob Waugh, We Live Security

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
10 Feb 2014
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.