VIRUS/MALWARE ALERT: As always do not click on files that you get in email unless you know who it is from and you are expecting it and it is exactly what you expected.
This is always the case but there is malware running around right now that we are actually seeing hit people that will ENCRYPT your files and ask you for $300 to get them back. Effectively you will LOSE YOUR FILES. Make sure you have backups on any machine that you read email on or browse the web on.
Visualize your corporate network shares all being encrypted. This doesn’t require any high level rights, if someone can change a file they can encrypt it.
Lawrence Abrams (security MVP) had one of the best write-ups I’ve seen about CryptoLocker
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
I know a high percentage of security cases right now are due to this.
Any IT professional should have several layers of malware defense in place (antivirus, firewall, web filter, etc.) and frequent backups of their network shares. My advice for anyone who has a computer infected with Cryptolocker: disinfect your computer and take more precautions in the future (antivirus & backups). Whatever you do, DON’T pay the ransom–that just encourages this type of malware.
Sophos (a security software developer) also has some good posts about Cryptolocker:
http://nakedsecurity.sophos.com/2013/10/18/cryptolocker-ransomware-see-how-it-works-learn-about-prevention-cleanup-and-recovery/
http://blogs.sophos.com/2013/10/17/how-cryptolocker-encrypts-your-files-and-extracts-a-ransom-video-demo/