Cryptolocker scrambles US law firm's entire cache of legal files
Trojan looked like voicemail attachment
A small US law firm has bravely admitted losing its entire cache of legal documents to the Cryptolocker Trojan despite attempting to pay the $300 (£180) ransom in a bid to have them unscrambled.
According to TV reports, Goodson’s law firm in North Carolina's largest city, Charlotte, became the latest victim of a malware menace that was custom-written to lever ransom money from precisely this type of relatively cash-rich but time-poor firm.
The malware infected a company server holding thousands of important documents after an email with a malicious attachment was mistaken for a message sent from the firm's phone answering service.
That error left every single document used by the firm on its main server in an encrypted state, including Word, WordPerfect and PDF files, said Goodson’s owner, Paul M. Goodson.
"The virus also warned if you tried to tamper or decrypt anything, it was going to be permanently locked and you could never open it," Goodson said.
After IT staff were unable to make any headway against the malware’s encryption, Goodson tried to pay the ransom but discovered that the grace period – another nasty aspect of Cryptolocker – had expired.
The only blessing was that the malware had scrambled files and not stolen them, Goodson added.
According to the Wsoctv TV channel, local police were aware of at least 30 cases where paying the ransom had resulted in an unlock key being delivered. Balancing this, we should point out that not everyone has reported having this success.
The best general advice is to avoid needing an unlock key at all by backing up and archiving files on a regular basis. Cryptolocker starts encrypting files quickly, so anything backed up even hours before should be recoverable if a backup is available.
Goodson’s Law Firm is only the latest in a very long line of SMEs that has found itself on the receiving end of Cryptolocker’s nastiness, but there are some encouraging elements to the incident. The fact that an SME is willing to speak of its troubles to a local TV station suggests that the traditional taboo over owning up to malware incidents could be waning.
A less positive way of looking at it is to say that such attacks are now so normal that many SMEs are being forced to view malware as just another hazard to be endured as a straightforward cost of business.
Other recent Cryptolocker attacks in the US have included a town hall that lost eight years of documents and even a police department that brazenly admitted to having paid $750 for two Bitcoins to buy back sensitive files locked by the Trojan. Small-town America is only slowly waking up to this remarkably effective malware's potent threat.
Correction: this story originally mis-stated Charlotte (rather than Raleigh) as being North Carolina's state capital.