Tag Archives: victim

Is Cryptovirus back as a worm?

03 Sep 15
lverbik
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
No Comments

19798163_s (2)Just when you think it can’t get any worse, it does—it seems likely there is a new variant to the Cryptolocker virus—that insidious virus known to encrypt all your files and hold them ransom for $300. This new strain may or may not be Crypt, but it was reported recently to have been able to replicate to other workstations and begin encrypting user folders, though many IT peers do not believe that capability exists as yet.

Whether it is possible or not, it’s something to watch out for. The affected business not only was infected across multiple workstations, but also its server by way of mapped drives. The victim in this case saw a web page open at the workstation with a threatening hijack message and links to download the solution that unlocks the user’s data.

Its evil authors no doubt immediately began working on this new poison once researchers from FireEye and Fox-IT were able to reverse-engineer the virus and provide a solution to Cryptolocker’s victims in May of this year. Of course, half a million people had already been affected and 1.3 percent had paid cash to free their files from the criminals—to the tune of $3 million.

Following the forum discussion about this new case reveals that the most likely source of this virus may actually be a flash-based ad on a compromised site that many people in the office could have accessed. It is possible that someone shared a link containing the virus, or perhaps everyone had a program installed already that popped up an embedded ad that was clicked on.

No matter whether the new strain is able to actually replicate to other stations or not, this is a good reminder to take every measure available to safeguard your files. Number one, add this virus’s file names to your file screens: *.aaa and restore_. Two, backup always! Three, get legit anti-virus and monitoring software. Four, patch your workstations. Five, contact the team at Techno Advantage for help selecting the right cloud-based or on-premise backup and storage solutions.

Need more help deciding how to protect your business from a malware attack? Contact a Techno Pro today! And watch this blog for updates on any new malware. We want to keep you informed.

DON’T OPEN THAT RÉSUMÉ SO FAST: THE LATEST SCARY TREND IN RANSOMWARE

23 Jun 15
lverbik
, , , , , , , , , , , , , , , ,
No Comments

YOUR COMPUTER HAS BEEN LOCKED. Now you must pay ransom to an unidentified thief in order to unlock your computer system and gain access to your own data or lose it forever. This might be the worst message to ever have come across your computer screen. If you become its victim, the only way around it is either, 1) pay them, or 2) reformat your computer, and restore data from a backup (if you have it). There’s no easy way out—they lock your drive so you won’t be able to “hack” your way back in, and this is not only local drives, but they can affect mapped drives as well, so if you have a data drive on a company server that everyone uses, that one can be hijacked too.

You’ve just experienced CryptoWall, a new and highly destructive variant of ransomware—a malicious software that infects your computer and holds hostage something of value to you in exchange for money. With CryptoWall, thieves use asymmetric encryption, where the decryption key is different from the encryption key and is not stored next to the encrypted data. This forces victims to pay the thief a ransom for the decryption key to unlock the data. It is so insidious as to encrypt your data with RSA-2048 standard, which makes decryption just about impossible within the given timeframe the infection hobbles you with—usually 48 hours.

And now criminals have refined their malware yet again through the use of exploit kits to spread their poison deeper and wider. This time, with seemingly innocent looking résumés.

How it works:

A hacker sends a zipped file or corrupted word document appearing to be a résumé of a potential hire. When opened, it encrypts the entire contents of the computer and possibly network drives. Information on how to pay a “fee” to decrypt your files is then presented on the screen. After some time, the “fee” may double or you cannot retrieve the files at all. Criminals may demand $500 or more to lift the restrictions on your hostage data.

What can you do to prevent an attack?

  • First, be aware and help spread the word. Our best line of defense against this type of crime is to prevent its occurrence in the first place, and help as many people as possible be aware of the threat and how to avoid it. Share this blog post.
  • Second, train your staff not to open any résumés that come as zipped files—delete the emails immediately. Make sure anyone who hires people knows not to open these emails. Continue to make intelligent decisions about which email attachments you open. If you have an email that you question, contact an IT manager.

Prepare for the worst

  • Always back up your files. There are many excellent and reliable backup services out there. There are similarities and differences so it’s important to find the one that best suits your business’s needs. Compare costs, performance and security levels, among other things, and of course, how they do with disaster recovery. 

What can you do if you become a victim?

  • If you ever think you have clicked on one of these emails, shut down your computer immediately (hold the power button for 6 seconds) or unplug from the network immediately and contact your IT manager.

 

Be informed and share!

The team at Techno Advantage will help you select the right cloud-based or on-premise backup and storage solutions.  Give us a call to discuss which option is right for you. We also offer a backup software option for businesses. Need more help deciding how to protect your business from a malware attack? Contact a Techno Pro today!  And watch this blog for updates on any new malware. We want to keep you informed.

Protecting Against Ransomware Threats

16 Dec 14
lverbik
, , , , , , , , , , , , , , ,
No Comments

In case you aren’t familiar with that term, ransomware refers to programs that hold your computer or hard drive hostage, demanding that you pay a ransom fee (hence the name) if you want to get your information back.

Once users become infected, they see an error screen that tells them they have a fixed amount of time, usually 100 hours, to send money to the virus developer before all information on the drive will be unavailable, deleted or encrypted.

Obviously, that can put anyone in a tough position. So, let’s look at what we know about one of the best known types of ransomware called a crypto virus, what you can do if it infects your computer, and the steps you can take to avoid it.

Like many other computer viruses, the crypto virus spreads through email attachments, infected programs and compromised websites.  Typically, these are disguised as PDF or Word files, hiding in official-looking emails.

Once you open the message, and the accompanying attachment, the virus hijacks your computer, and only the ransom screen will be shown.

Attackers may use one of several different approaches to extort money from their victims:

  • After a victim discovers he cannot open a file, he receives an email ransom note demanding a relatively small amount of money in exchange for a private key. The attacker warns that if the ransom is not paid by a certain date, the private key will be destroyed and the data will be lost forever.
  • The victim is duped into believing he is the subject of a police inquiry. After being informed that unlicensed software or illegal web content has been found on his computer, the victim is given instructions for how to pay an electronic fine.
  • The malware surreptitiously encrypts the victim’s data but does nothing else. In this approach, the data kidnapper anticipates that the victim will look on the Internet for how to fix the problem and makes money by selling anti-ransomware software on legitimate websites.

To protect against data kidnapping, Techno Advantage urges all users to backup data on a regular basis. If an attack occurs, do not pay a ransom. Instead, wipe the hard drive clean and restore data from the backup.

What To Do If Your Computer Becomes Infected With the Crypto Virus

The first thing to do, if you detect that one of your computers has become infected with the crypto virus, is to disconnect it from the network. Also, avoid connecting the computer to any external drives or storage devices. It is possible for connected computers, or entire networks, to become infected from a single workstation that’s sharing information.

Next, speak with a Techno Advantage IT professional immediately.

If you have a reliable backup and data recovery system in place, your IT professional can probably restore your files and computer back to a previous save point within an hour or two.

Here are 6 additional tips to help keep you, your business and your equipment safe.

  • Keep regular backups of your important files.
  • Use an anti-virus, and keep it up to date.
  • Keep your operating system and software up to date with patches.
  • Review the access control settings on any network drives you have.
  • Don’t give administrative privileges to your user accounts.

Don’t let the crypto virus keep you up at night…just be prepared with a solid backup solution and a trusted Techno Pro to guide you.  Contact us today for a consultation!