Security Alert: CryptoLocker 2.0


We are seeing a new version of the crippling malicious software CryptoLocker that hit the digital community last fall and winter. It dubs itself CryptoLocker 2.0, but it is actually a copycat, or a completely new version, of the malware. In the last week alone, we have come across almost half a dozen area businesses victimized by attacks.

There are technical differences between the two; however, the delivery and result are similar.


  • CryptoLocker 2.0 normally attacks via e-mail. In addition to the original messages with bogus links, CryptoLocker 2.0 also hides in zipped files within messages with routine subject lines like: "New Fax : 2 pages" purporting to come from an administrator account within your company's trusted domain.
  • Once the user opens the attachment or link, the ransomware is loaded. In addition to all of the Office and database files the original version encrypted, CryptoLocker 2.0 also encrypts photos, video and music files, and more. The user is completely locked out of their own files.
  • CryptoLocker 2.0 then posts a message on the user's screen demanding payment to decrypt files.
  • Normal security prevention and antivirus tools will NOT prevent or clean up the infection.
  • Files can only be recovered from a backup restore and system rebuild or, in the worst case scenario, by paying the ransom.

What to do:

  • Notify your users immediately! Tell them to be wary of any e-mail messages with unexpected links or attachments. Any suspicious e-mail should be verified as legitimate before clicking on any link. If in doubt, DELETE it!
  • Verify your backups and make sure they are operating properly. Hopefully, you won't need them, but if you do, you'll be glad to know they're up to date.
  • If you become infected, instantly remove the device from the network and shut it down. Contact Daystar immediately for assistance.

We are currently testing proactive measures to help minimize your chance of infection from CryptoLocker 2.0. Unfortunately, there is no known way to completely prevent it. If you would like more information, please contact Daystar's Professional Services Group via your client portal, e-mail, or via phone at 603.766.5924 x3.

For more information on CryptoLocker, please visit our original blog post.
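
The delivery pattern described above (a zipped attachment in a message that claims to come from your own domain) can be screened for in a mailbox export or at a mail gateway hook. The script below is an added example, not Daystar's tooling or one of the measures mentioned in this post; the domain `example.com`, the blocked extension list, and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # assumption: your organization's mail domain
RISKY_EXT = (".exe", ".scr", ".com", ".pif", ".js", ".vbs")  # assumption: blocked types

def triage(raw: bytes) -> list[str]:
    """Return the reasons a message deserves quarantine (empty list = none found)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Match on the file name or on the ZIP magic bytes (renamed archives).
        if not (name.endswith(".zip") or data[:4] == b"PK\x03\x04"):
            continue
        reasons.append(f"zip attachment: {name}")
        if sender_domain == INTERNAL_DOMAIN:
            reasons.append("archive sent under internal sender domain; verify origin")
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
                if any(i.flag_bits & 0x1 for i in zf.infolist()):
                    reasons.append("encrypted archive, contents cannot be scanned")
        except zipfile.BadZipFile:
            reasons.append("unreadable archive")
            continue
        for m in members:
            if m.lower().endswith(RISKY_EXT):
                reasons.append(f"executable inside archive: {m}")
    return reasons

def build_sample(member: str, sender: str) -> bytes:
    """Constructed test message; the archive member holds harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@example.com", "New Fax : 2 pages"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="fax.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("fax_0001.exe", "administrator@example.com")))
```

A non-empty result is a reason to hold the message for verification, not proof of infection; legitimate zip attachments will also be listed.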
