Just when you think it can’t get any worse, it does—it seems likely there is a new variant to the Cryptolocker virus—that insidious virus known to encrypt all your files and hold them ransom for $300. This new strain may or may not be Crypt, but it was reported recently to have been able to replicate to other workstations and begin encrypting user folders, though many IT peers do not believe that capability exists as yet.
Whether it is possible or not, it’s something to watch out for. The affected business not only was infected across multiple workstations, but also its server by way of mapped drives. The victim in this case saw a web page open at the workstation with a threatening hijack message and links to download the solution that unlocks the user’s data.
Its evil authors no doubt immediately began working on this new poison once researchers from FireEye and Fox-IT were able to reverse-engineer the virus and provide a solution to Cryptolocker’s victims in May of this year. Of course, half a million people had already been affected and 1.3 percent had paid cash to free their files from the criminals—to the tune of $3 million.
Following the forum discussion about this new case reveals that the most likely source of this virus may actually be a flash-based ad on a compromised site that many people in the office could have accessed. It is possible that someone shared a link containing the virus, or perhaps everyone had a program installed already that popped up an embedded ad that was clicked on.
No matter whether the new strain is able to actually replicate to other stations or not, this is a good reminder to take every measure available to safeguard your files. Number one, add this virus’s file names to your file screens: *.aaa and restore_. Two, backup always! Three, get legit anti-virus and monitoring software. Four, patch your workstations. Five, contact the team at Techno Advantage for help selecting the right cloud-based or on-premise backup and storage solutions.
Need more help deciding how to protect your business from a malware attack? Contact a Techno Pro today! And watch this blog for updates on any new malware. We want to keep you informed.
