Alert: Malicious “Cryptolocker” Virus

The WVOT is seeing an influx of dangerous viruses and infection attempts in the form of “ransomware.”  Ransomware is a type of malware that restricts access to a computer system and demands a ransom be paid to the creator of the malware in order for the restriction to be removed.
One specific type of ransomware is called Cryptolocker. It encrypts all Office documents and database files on the local computer, as well as files on the network. It will also encrypts data on any attached drives (internal, USB and network). Each file is encrypted and then the entire batch of files is encrypted a second time. Currently, there is no way to decrypt the files. The only way to recover the information is to restore from backup.
What can I do to protect my organization from this virus?
Anti-virus software, firewalls and SPAM filtering technologies help filter malicious files and significantly reduce the chances of infection, but most infections are caused by users bypassing these precautions.
To help prevent infection:
·         Viruses like Cryptolocker like to hide in plain sight as files for invoices, shipping confirmations, payroll information and other common email attachments.
·         Never download or open file attachments from unknown email senders or websites.
·         Follow State technology policies. Stick to work-related sites on the State network – personal emails, devices, games, music, and movies are a common source of virus infections. 
·         ALL critical State data must be saved to server drives assigned to you (not your C: drive).  These server drives are backed up to a remote location, and assure the protection of valuable State data.