Crypto Locker Virus Being Spread as Fake Voicemail Attachment

posted in: Sage Advice | 0

In the past couple of weeks, we have been seeing about a dozen emails with the subject “Voice Message” or “New Voice Mail” with an attached zip file. Our mail server software catches these emails but these emails contain the Crypto Locker virus.

Please see the picture below:





The virus is an email looking like a voice mail notification. The important thing to note is that the virus code itself is contained inside a .zip file – the file name ends in .zip.

This is an incredibly destructive virus that encrypts all of the data on your system, and then demands a ransom to give you your files back. Recovery without paying the ransom is for all practical purposes impossible. Please make sure you are backing up your data, and that you routinely test those backups!


Preventing CryptoLocker virus infection

This nasty virus is spread by opening email attachments or through other “social engineering” means.

Spam/Virus filtering such as ours and others are aware of the threat and actively block emails that contain elements of this and other malware, but it is very important to understand that no virus or spam filtering software can be 100% effective.

If you believe you have received an email that contains malware, do not click on any attachments or links.

The best thing you can do right now to avoid getting a CryptoLocker virus infection is to make sure you, as well as your staff, are aware of the threat and extremely careful with opening email attachments.

We recommend notifying your employees immediately of this new virus and making sure everyone is following some basic preventive measures:

  • Do not click on attachments in emails from someone you don’t know or companies from which you haven’t expressed interest in receiving information.
  • Do not click on links, advertisements or pictures that pop up on your screen when visiting other websites.
  • Do not respond to unsolicited emails.
  • Do not engage in social media games or click on links that appear on social media platforms.
  • Do not disable security settings such as antivirus, firewall, filtering, and site monitoring programs.
  • DO have a proper backup solution already set up. This is critical to recovery should you fall prey to this. PLEASE NOTE! Some simple or improperly-set up backup solutions such as flash drives, USB hard drives, etc. may be vulnerable to the virus as well if they are attached to an infected system.

If you are unfortunate enough to get this virus and you get a screen asking for the ransom, DO NOT CLOSE IT. If you close it you will lose the unlock code. Without this code you will never be able to decrypt your files. Some users that have been infected and HAVE paid the ransom by providing the ransom code, have been successful in retrieving their files. However, once the criminals have access to your financial data, who knows what will happen next.

We will continue to provide updates as we learn more.

Leave a Reply