Crypto TorLocker2015 Security Warning

Recently, JENLOR has seen a few cases of a new version of the CryptoLocker virus called CryptoTorLocker2015. Although we don’t have specifics about how CryptoTorLocker2015 is installed on a computer, we do know that once it is installed, the virus begins scanning your computer and infecting data files and shortcuts. During the encryption process, the CryptoTorLocker2015 virus changes filenames and adds a new extension to a user’s files. We’re also seeing a “ransom note” added to any directory that the virus encounters – “HOW TO DECRYPT FILES.txt.”

Please be on the lookout for any emails with FAX or URGENT in the subject line or in an attachment. Note the .zip extension on these files and please DO NOT open any attachments. Deleting and reporting these types of emails will be critical in stopping the spread of this infection.

What do I need to do?

    • Be selective with your downloads; download from trusted locations only.
    • Look at the extension. Mischievous files often have fake extensions designed to trick you, such as “.txt.vb” or “.jpg.exe.”
    • Don’t open anything you don’t trust completely.
    • If an unexpected Zip file is attached to email from someone you know, consider verifying with the sender that the attachment is legitimate. Some viruses spread by emailing copies of themselves to everyone in the contact list of an infected computer; this means that you can receive infected files even from people you know.
    • Disable email image preview. Many email applications can automatically load images for convenience, but this can leave you more vulnerable, as images can contain malicious code.
    • Avoid downloading Zip files from untrusted web sites.
    • Beware of odd emails from companies you do business with.

Please do not hesitate to call our service team at 412.220.9330 x 2 if you have any questions or concerns. Or, you can forward the suspect email directly to: for our team to review.