I just saw my first cryptolocker infection on a client's computer..
they couldn't get into our software because the setup.dbf and station.dbf has become trashed (as far as we could tell). We got onto their system remotely, and i started to investigate file sizes, dates, etc...  while looking at things in date order, i noticed 3 files .html, .txt and .url all named decrypt_instructions.  
i used notepad to look at them and saw they were cryptolocker instuctions.  
I advised client that his network and computers were unusable at this time and to  turn off and disconnect all machines on the network and call in someone local to review the situation...
we use strange extensions for most of our data files, and those didn't seem to be hit by the malware (yet)..
			
			
									
									CryptoLocker
CryptoLocker
Brian Wolfsohn
Retired and traveling around the country to music festivals in my RV.
breadmanbrian@bsky.social
http://www.breadmanrises.com
FB travel group: The Breadman Rises
						Retired and traveling around the country to music festivals in my RV.
breadmanbrian@bsky.social
http://www.breadmanrises.com
FB travel group: The Breadman Rises
Re: CryptoLocker
Jon's system in Omaha got bit really bad by that virus about a year ago.
It hit every database that was a .DBF.
We restored from backup and immediately started a program that opened all the databases shared.
We were using ADS.
Cryptolocker can only affect .DBFs that it can open exclusive.
We were able to keep running until their IT department got rid of the virus.
			
			
									
									It hit every database that was a .DBF.
We restored from backup and immediately started a program that opened all the databases shared.
We were using ADS.
Cryptolocker can only affect .DBFs that it can open exclusive.
We were able to keep running until their IT department got rid of the virus.
 The eXpress train is coming - and it has more cars.
						