News – Security Alert: CryptoJoker

February 11, 2016 Talon Systems

The most recently discovered ransomware, called CryptoJoker, arrives as an e-mail attachment that pretends to be a customer-support message from FedEx, UPS, DHS, or the like. If opened, it will try to evade anti-virus and anti-spyware software and encrypt data on your computer and network, making the data inaccessible and holding it hostage.


CryptoJoker uses AES-256 encryption and demands a ransom in bitcoins to get your files back. As soon as CryptoJoker activates, it scans all of your drives, including mapped network drives, for targeted file extensions, encrypts the matching files and appends ".crjoker" to their names, all the while sending identifying information to a server: the date, your hostname, username and machine name.


Currently, there is no known free method to decrypt the files. To get your files back, first have the infection removed and then restore from backup. If that is not possible, you'll be left to pay the ransom to get the decryption key, which may or may not recover your files. Paying is absolutely not advised, as it opens you up to other risks and gets you labeled as a "good target".
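To scope a restore from backup, it helps to know which folders contain files carrying the ".crjoker" suffix and roughly when they were first touched. The script below is an added example, not part of the original alert; the function names are hypothetical, and it assumes the original file name is the encrypted name with the suffix stripped and that the file's modification time approximates when it was encrypted.

```python
import os
from collections import defaultdict
from datetime import datetime, timezone

MARKER = ".crjoker"  # suffix the alert says is appended to encrypted files


def find_encrypted(roots):
    """Walk each root and return (encrypted_path, original_name, mtime) tuples."""
    hits = []
    for root in roots:
        # os.walk skips directories it cannot read, so one bad share does not stop the scan
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if not name.lower().endswith(MARKER):
                    continue
                path = os.path.join(dirpath, name)
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # file vanished or access was denied
                # Assumption: original name = encrypted name minus the suffix
                hits.append((path, name[: -len(MARKER)], mtime))
    return hits


def summarize(hits):
    """Group hits by folder: count, earliest mtime, and names to restore."""
    summary = defaultdict(lambda: {"count": 0, "first_seen": None, "restore": []})
    for path, original, mtime in hits:
        entry = summary[os.path.dirname(path)]
        entry["count"] += 1
        entry["restore"].append(original)
        # Assumption: mtime approximates the moment the file was encrypted
        if entry["first_seen"] is None or mtime < entry["first_seen"]:
            entry["first_seen"] = mtime
    return dict(summary)


if __name__ == "__main__":
    import sys
    roots = sys.argv[1:] or ["."]
    for folder, info in sorted(summarize(find_encrypted(roots)).items()):
        first = datetime.fromtimestamp(info["first_seen"], timezone.utc)
        print(f"{folder}: {info['count']} file(s), earliest {first:%Y-%m-%d %H:%M}Z")
        for name in sorted(info["restore"]):
            print(f"  restore: {name}")
```

Pass the drive letters or mapped share paths to check as arguments; the earliest timestamp per folder indicates which backup generation predates the encryption.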


Updates are continually being released for antivirus software, firewalls and spam filters, but you are the last line of defense. When in doubt, be safe: delete suspicious emails and report them to your IT department right away.

