Tag Archives: infected

Is Cryptovirus back as a worm?

03 Sep 15
lverbik
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
No Comments

19798163_s (2)Just when you think it can’t get any worse, it does—it seems likely there is a new variant to the Cryptolocker virus—that insidious virus known to encrypt all your files and hold them ransom for $300. This new strain may or may not be Crypt, but it was reported recently to have been able to replicate to other workstations and begin encrypting user folders, though many IT peers do not believe that capability exists as yet.

Whether it is possible or not, it’s something to watch out for. The affected business not only was infected across multiple workstations, but also its server by way of mapped drives. The victim in this case saw a web page open at the workstation with a threatening hijack message and links to download the solution that unlocks the user’s data.

Its evil authors no doubt immediately began working on this new poison once researchers from FireEye and Fox-IT were able to reverse-engineer the virus and provide a solution to Cryptolocker’s victims in May of this year. Of course, half a million people had already been affected and 1.3 percent had paid cash to free their files from the criminals—to the tune of $3 million.

Following the forum discussion about this new case reveals that the most likely source of this virus may actually be a flash-based ad on a compromised site that many people in the office could have accessed. It is possible that someone shared a link containing the virus, or perhaps everyone had a program installed already that popped up an embedded ad that was clicked on.

No matter whether the new strain is able to actually replicate to other stations or not, this is a good reminder to take every measure available to safeguard your files. Number one, add this virus’s file names to your file screens: *.aaa and restore_. Two, backup always! Three, get legit anti-virus and monitoring software. Four, patch your workstations. Five, contact the team at Techno Advantage for help selecting the right cloud-based or on-premise backup and storage solutions.

Need more help deciding how to protect your business from a malware attack? Contact a Techno Pro today! And watch this blog for updates on any new malware. We want to keep you informed.

Protecting Against Ransomware Threats

16 Dec 14
lverbik
, , , , , , , , , , , , , , ,
No Comments

In case you aren’t familiar with that term, ransomware refers to programs that hold your computer or hard drive hostage, demanding that you pay a ransom fee (hence the name) if you want to get your information back.

Once users become infected, they see an error screen that tells them they have a fixed amount of time, usually 100 hours, to send money to the virus developer before all information on the drive will be unavailable, deleted or encrypted.

Obviously, that can put anyone in a tough position. So, let’s look at what we know about one of the best known types of ransomware called a crypto virus, what you can do if it infects your computer, and the steps you can take to avoid it.

Like many other computer viruses, the crypto virus spreads through email attachments, infected programs and compromised websites.  Typically, these are disguised as PDF or Word files, hiding in official-looking emails.

Once you open the message, and the accompanying attachment, the virus hijacks your computer, and only the ransom screen will be shown.

Attackers may use one of several different approaches to extort money from their victims:

  • After a victim discovers he cannot open a file, he receives an email ransom note demanding a relatively small amount of money in exchange for a private key. The attacker warns that if the ransom is not paid by a certain date, the private key will be destroyed and the data will be lost forever.
  • The victim is duped into believing he is the subject of a police inquiry. After being informed that unlicensed software or illegal web content has been found on his computer, the victim is given instructions for how to pay an electronic fine.
  • The malware surreptitiously encrypts the victim’s data but does nothing else. In this approach, the data kidnapper anticipates that the victim will look on the Internet for how to fix the problem and makes money by selling anti-ransomware software on legitimate websites.

To protect against data kidnapping, Techno Advantage urges all users to backup data on a regular basis. If an attack occurs, do not pay a ransom. Instead, wipe the hard drive clean and restore data from the backup.

What To Do If Your Computer Becomes Infected With the Crypto Virus

The first thing to do, if you detect that one of your computers has become infected with the crypto virus, is to disconnect it from the network. Also, avoid connecting the computer to any external drives or storage devices. It is possible for connected computers, or entire networks, to become infected from a single workstation that’s sharing information.

Next, speak with a Techno Advantage IT professional immediately.

If you have a reliable backup and data recovery system in place, your IT professional can probably restore your files and computer back to a previous save point within an hour or two.

Here are 6 additional tips to help keep you, your business and your equipment safe.

  • Keep regular backups of your important files.
  • Use an anti-virus, and keep it up to date.
  • Keep your operating system and software up to date with patches.
  • Review the access control settings on any network drives you have.
  • Don’t give administrative privileges to your user accounts.

Don’t let the crypto virus keep you up at night…just be prepared with a solid backup solution and a trusted Techno Pro to guide you.  Contact us today for a consultation!