You don’t want to see this pop up on your screen.

**Updated** Since the posting of this blog, we have had clients that have been affected by this very serious and widespread threat. We originally sent out an email to our Managed Services clients, but in light of the severity of this threat, we felt it was important enough to share the email with everyone on our Complimentary IT Alert email list. Also, to see first hand how this is affecting people in the area, click on the link to see our recent Facebook post that discusses how one local business came through the ordeal with much less aggravation than they would have experienced had they not had the foresight to partner with Tech II!


Every day the threats to your data systems grow, and your (and your users’) understanding of these threats is the single greatest protection against them. At Tech II, we recommend and support the best possible products to defend and protect your environment. When you use our solutions, most threats will never even make it to your desktop. The issue is that there is big money in the threat business, and they’re constantly evolving, so some threats do manage to make it through to your systems – mostly via email.

Every single week we are helping our MSP clients recover from problems that would have been avoided with some education. This week alone, our team here has been working overtime recovering dozens of critical systems that are down, not because our recommendations didn’t work, but rather because users weren’t educated. There is a new variant of Cryptolocker out there and it is NASTY.  Millions of dollars are being spent to recover from the threat.

Often when consoling clients that suffer a data loss or infection (ranging from complete to partial), and a production loss, I’ll explain, “The best locks won’t keep out threats when you open the door.” Essentially, this is what is happening here. The most common scenario: A user receives an email and opens a file presenting itself as a legitimate document from a legitimate source when that is not at all the case. As soon as the user opens the file, the threat goes to work. You’ve opened the door. You’ve let the malicious software in to your critical systems, and now it’s going to create havoc. The most common, evolving, and effective threat is Ransomware. While Cryptolocker isn’t a new threat, and most new threats will be blocked, the big money in this business keeps a steady stream of dollars flowing to create new variants of these existing threats.

These are some simple actions you can take that will significantly decrease your chance of becoming a victim:

Fact: CryptoLocker is most often spread through booby-trapped email attachments, but the malware can also be deployed by hacked and malicious web sites.

    • If you have concerns on legitimacy, DON’T OPEN any link or attachment!!
    • If an email seems suspicious, contact the sender to verify they’ve sent the attachment. Review the business need for the file!
    • Unless you require a file for work purposes, play it safe and don’t open!
    • Verify that the address matches the purported sender before opening. If not, don’t open!
    • Were you expecting the email and attachment? If not, be suspicious and don’t open!
    • Is spelling and grammar in line with what you’d expect? If not, don’t open!
    • Keep your computer systems on the latest supported platforms. If you’re still running XP, you’re at higher risk than those on later operating systems.
    • We will be posting a new document to our resource library this week with further helpful details.
  • Do not load any unnecessary applications on your computer
    • Even seemingly innocent add-on applications are conduits to malicious threats.
    • You don’t need Weather Bug or any similar toolbar to do your work.
    • We only allow approved business applications on our host environments, resulting in a fraction of issues witnessed in the average premise-based server solution.
  • Avoid any non-work related habits
    • You really don’t want to be the person in your office that takes down the computer system!
    • Even if your company allows it, avoid non-work related browsing on the web.
    • Unless it’s part of your job, avoid social media.
    • Avoid chat applications.
    • Use your phone if you need to – not your company’s valuable work asset.
  • Read our complimentary email alerts
    • These are free, real-time announcements regarding threats that we’re seeing, and on which we’re educating our MSP clients.
    • If you don’t currently receive these alerts, please send an email to your TAM or our Operations Department requesting to be added to the list.
    • Often, we will refer you to our latest blogs in these alerts for more detailed information.
  • Follow the Tech II Blog found on our web site at
    • The Blog archives detail many preventative measures and other useful information.
    • We’ve posted at least two blogs specifically related to Crypotlocker.
    • Set a task to visit and review this Blog to stay on top of the current threat landscape.
  • Review the Tech II Resource Library at Library
    • This is another free resource for our registered clients.
    • These white papers provide more in-depth and detailed information.
    • Many of the instruments provided are the same tools our own staff use.
  • BACKUP!!
    • When all else fails, you’ll want confidence that you can at least recover your data from some point before the attack.
    • Most of our customers who’ve been affected by Cryptolocker have to undergo some sort of restoration – either partial or complete.
    • If you have to recover files, you will likely experience some data loss back to a time before the infection.
    • All environments impacted experience downtime. Most often, how long is dependent on the backup restoration time.
    • Depending on your backup strategy, downtime can range from a few hours to many days, or even weeks.
    • Get your backups offsite! In many cases our engineers must resort to the offsite backups due to the onsite damage done by the threat.
    • Please contact your account manager with any questions related to your backup strategies.
    • Review one of our prior blogs: How’s your critical data doing?
  • Parse the pertinent information from our resources for your environment and send it out to your users
    • Educating your users about best practices is likely the single, best defense against these threats.
    • When in doubt, don’t open attachments!
    • Don’t click on hyperlinks you aren’t 100% confident of.
    • Don’t perform non-work related activities on your business computer.
    • Backup your systems.

Check out the Recovery as a Service section of our website for some more valuable information.

Also, please refer to the white paper on Ransomware, available in the Resource Library section of our website. You must register for access, but registration is free and easy!