Tag Archives: Techno Pro

Is Cryptovirus back as a worm?

03 Sep 15
lverbik
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
No Comments

19798163_s (2)Just when you think it can’t get any worse, it does—it seems likely there is a new variant to the Cryptolocker virus—that insidious virus known to encrypt all your files and hold them ransom for $300. This new strain may or may not be Crypt, but it was reported recently to have been able to replicate to other workstations and begin encrypting user folders, though many IT peers do not believe that capability exists as yet.

Whether it is possible or not, it’s something to watch out for. The affected business not only was infected across multiple workstations, but also its server by way of mapped drives. The victim in this case saw a web page open at the workstation with a threatening hijack message and links to download the solution that unlocks the user’s data.

Its evil authors no doubt immediately began working on this new poison once researchers from FireEye and Fox-IT were able to reverse-engineer the virus and provide a solution to Cryptolocker’s victims in May of this year. Of course, half a million people had already been affected and 1.3 percent had paid cash to free their files from the criminals—to the tune of $3 million.

Following the forum discussion about this new case reveals that the most likely source of this virus may actually be a flash-based ad on a compromised site that many people in the office could have accessed. It is possible that someone shared a link containing the virus, or perhaps everyone had a program installed already that popped up an embedded ad that was clicked on.

No matter whether the new strain is able to actually replicate to other stations or not, this is a good reminder to take every measure available to safeguard your files. Number one, add this virus’s file names to your file screens: *.aaa and restore_. Two, backup always! Three, get legit anti-virus and monitoring software. Four, patch your workstations. Five, contact the team at Techno Advantage for help selecting the right cloud-based or on-premise backup and storage solutions.

Need more help deciding how to protect your business from a malware attack? Contact a Techno Pro today! And watch this blog for updates on any new malware. We want to keep you informed.

DON’T OPEN THAT RÉSUMÉ SO FAST: THE LATEST SCARY TREND IN RANSOMWARE

23 Jun 15
lverbik
, , , , , , , , , , , , , , , ,
No Comments

YOUR COMPUTER HAS BEEN LOCKED. Now you must pay ransom to an unidentified thief in order to unlock your computer system and gain access to your own data or lose it forever. This might be the worst message to ever have come across your computer screen. If you become its victim, the only way around it is either, 1) pay them, or 2) reformat your computer, and restore data from a backup (if you have it). There’s no easy way out—they lock your drive so you won’t be able to “hack” your way back in, and this is not only local drives, but they can affect mapped drives as well, so if you have a data drive on a company server that everyone uses, that one can be hijacked too.

You’ve just experienced CryptoWall, a new and highly destructive variant of ransomware—a malicious software that infects your computer and holds hostage something of value to you in exchange for money. With CryptoWall, thieves use asymmetric encryption, where the decryption key is different from the encryption key and is not stored next to the encrypted data. This forces victims to pay the thief a ransom for the decryption key to unlock the data. It is so insidious as to encrypt your data with RSA-2048 standard, which makes decryption just about impossible within the given timeframe the infection hobbles you with—usually 48 hours.

And now criminals have refined their malware yet again through the use of exploit kits to spread their poison deeper and wider. This time, with seemingly innocent looking résumés.

How it works:

A hacker sends a zipped file or corrupted word document appearing to be a résumé of a potential hire. When opened, it encrypts the entire contents of the computer and possibly network drives. Information on how to pay a “fee” to decrypt your files is then presented on the screen. After some time, the “fee” may double or you cannot retrieve the files at all. Criminals may demand $500 or more to lift the restrictions on your hostage data.

What can you do to prevent an attack?

  • First, be aware and help spread the word. Our best line of defense against this type of crime is to prevent its occurrence in the first place, and help as many people as possible be aware of the threat and how to avoid it. Share this blog post.
  • Second, train your staff not to open any résumés that come as zipped files—delete the emails immediately. Make sure anyone who hires people knows not to open these emails. Continue to make intelligent decisions about which email attachments you open. If you have an email that you question, contact an IT manager.

Prepare for the worst

  • Always back up your files. There are many excellent and reliable backup services out there. There are similarities and differences so it’s important to find the one that best suits your business’s needs. Compare costs, performance and security levels, among other things, and of course, how they do with disaster recovery. 

What can you do if you become a victim?

  • If you ever think you have clicked on one of these emails, shut down your computer immediately (hold the power button for 6 seconds) or unplug from the network immediately and contact your IT manager.

 

Be informed and share!

The team at Techno Advantage will help you select the right cloud-based or on-premise backup and storage solutions.  Give us a call to discuss which option is right for you. We also offer a backup software option for businesses. Need more help deciding how to protect your business from a malware attack? Contact a Techno Pro today!  And watch this blog for updates on any new malware. We want to keep you informed.