After writing about this in December last year, I have noticed that there has since been a rise in the number of unsolicited emails with .zip file attachments being delivered to users' mailboxes. These will usually purport to come from a bank, but have in the past pretended to be from courier companies, software companies, HMRC or utility companies. The one common strand in this is that there will be a zip attachment that you are encouraged to open. The hook for this is that you will be told that the zip file contains an attachment you must see – it may claim to be an invoice, delivery note or tax rebate.
These emails seem to be able to get past most anti-virus and anti-spam scanners – we have seen infections of machines protected by different brands of AV and received by different methods of email delivery.
The attached zip file actually contains a virus, and these can be very nasty ones. The worst one would seem to be a variant of Cryptolocker. This virus will encrypt your documents, and sometimes those on mapped network drives, and then demand that a ransom be paid via credit card or Bitcoin to decrypt them. There is a time limit to pay within, usually 72 or 100 hours; otherwise Cryptolocker claims the files can never be decrypted. There is a good description of how the virus operates on Wikipedia.
So, how can you stop this virus getting onto your machine? As the spread of this virus can only happen if the zip attachment is opened, do not open the zip attachment.
Remember that banks, HMRC, Sage and other companies never send out these types of emails. If you receive them, delete them straight away. Do not, under any circumstances, open attachments on emails that arrive unexpectedly, however good the provenance of the sender may claim to be.
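For whoever runs the mail system, a mail-side check for the one common strand described above, a zip attachment, could look like the following. This is an added example, not part of the original post; the hold-for-review policy, the function names and the sample message are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_MAGIC = b"PK\x03\x04"  # local file header at the start of a non-empty zip


def zip_attachments(raw_message: bytes):
    """Return [(attachment filename, [member names])] for each zip part."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename() or ""
        # Check the content, not only the name: a renamed zip still starts with PK.
        if not (payload.startswith(ZIP_MAGIC) or name.lower().endswith(".zip")):
            continue
        try:
            # Only the archive directory is read; nothing is extracted.
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            members = []  # named .zip but unparseable; still report it
        found.append((name, members))
    return found


def should_quarantine(raw_message: bytes) -> bool:
    """Assumed policy: hold any message carrying a zip for manual review."""
    return bool(zip_attachments(raw_message))


def build_sample(with_zip: bool) -> bytes:
    """Constructed test message; addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"] = "accounts@bank.example"
    msg["To"] = "user@company.example"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached invoice.")
    if with_zip:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("invoice.txt", "constructed placeholder content")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="octet-stream", filename="invoice.dat")
    return msg.as_bytes()
```

The constructed attachment is deliberately named `invoice.dat` to show that the check keys on the zip signature rather than the file extension.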
Also, make sure you take regular backups of your documents. Make sure you monitor the backup to ensure it works as and when it should. Have the restore procedure tested – a backup is no good if it cannot be restored. Speak to your IT specialist if you have any reason to think you may have been infected, as speed is essential in dealing with this.