One of the newer and more infuriating threats on the Internet today is “ransomware”. We recently had a client who was infected with a strain called “CryptoWall”, a Trojan that typically arrives as an email attachment or through a malicious pop-up or advertisement on a compromised website. What makes ransomware particularly frustrating is the blatant arrogance of the criminals behind it.
The malware encrypts common data files (documents, spreadsheets, photos and the like) so they cannot be opened without the decryption key. The malware itself is easily removed, but every encrypted file stays useless unless you have that key or can restore from a backup. Here comes the ransom: the thieves offer to sell you the key if you pay up. Naturally they want payment in Bitcoin or a prepaid cash voucher, which is hard to trace back to them.
What is worse, the malware encrypts everything the infected user can reach, including files on mapped network drives and shared folders, so one careless click on one PC can lock up data for the whole office. Even after you clean it off the network, the encrypted files remain unusable unless you pay the ransom or restore them. Some victims have paid and recovered their files; others report that they paid and never got them back.
If you are like me, paying off these crooks is the last choice. Instead, three easy steps that should be part of any business's security policy will greatly reduce the risk and limit the damage when something does get through:
- Make sure you have up-to-date virus protection. This means not just having antivirus software installed but keeping its definitions current. Check now for your last update. I'll wait. This client had up-to-date definitions for their well-respected virus protection software, but there is a first time for every new variant: signature-based protection only catches what the vendor has already seen. The good news is that Bitdefender® has already updated their definitions for CryptoWall; just remember that new variants show up every week, so antivirus is a necessary layer, not a sufficient one.
- Have a backup! With a recent backup the files can be restored: time consuming, yes, but at least you don't have to pay the extortion money. The backup must be somewhere the malware cannot reach: CryptoWall encrypts anything the infected user can write to, including attached USB drives and mapped network shares, so keep at least one copy offline or on a system the workstations cannot write to, and test a restore before you need it. This client commented how glad they were that earlier this year they had invested in a new backup solution. They were only down for an afternoon and didn't have to pay the ransom.
- Implement safe Internet practices. This is a prime example of why PCI DSS requirements restrict email and general web browsing on point-of-sale systems. All users must be careful not to click suspicious links or emails, and attachments should never be opened unless you know what is attached and who sent it. Malicious ads served through otherwise legitimate sites can deliver malware via an unpatched browser or plugin, so keep browsers, Java, Flash and PDF readers patched as well. This retailer was compromised while visiting a thesaurus website; innocent enough, right? But it is likely some sort of pop-up ad was clicked on.
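As an added example (not part of the original post, and not the client's tooling), the following Python script shows one way an administrator can triage a file share after a suspected infection by looking for the two signs described above: ransom notes dropped into folders, and data files that have been overwritten with ciphertext. Because CryptoWall kept the original file names, the check relies on file headers and byte entropy rather than on extensions. The ransom-note file names are those commonly reported for CryptoWall and the sample share is constructed inline; both are assumptions to adjust for the variant you face.

```python
import math
import os
import random
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Expected leading bytes ("magic") for common office and image formats. A file
# named .docx whose first bytes are not a ZIP header has almost certainly been
# overwritten; encryption destroys the header along with everything else.
MAGIC = {
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pptx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04", ".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff", ".png": b"\x89PNG",
}
# Ransom-note names reported for CryptoWall (assumption: adjust per variant).
RANSOM_NOTES = {"decrypt_instruction.txt", "decrypt_instruction.html",
                "decrypt_instruction.url"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; plain text sits around 4 to 5
SAMPLE_BYTES = 65536      # only the first 64 KiB of each file is examined
MIN_BYTES_FOR_ENTROPY = 1024


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the given buffer (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify_file(path: Path) -> Optional[str]:
    """Return a reason if the file looks ransomware-affected, else None."""
    if path.name.lower() in RANSOM_NOTES:
        return "ransom note"
    with path.open("rb") as f:
        head = f.read(SAMPLE_BYTES)
    expected = MAGIC.get(path.suffix.lower())
    if expected is not None:
        # Known format: trust the header. These formats are compressed and
        # naturally high-entropy, so an entropy test would give false alarms.
        return None if head.startswith(expected) else "header mismatch for %s" % path.suffix
    if len(head) >= MIN_BYTES_FOR_ENTROPY:
        ent = shannon_entropy(head)
        if ent > ENTROPY_THRESHOLD:
            return "high entropy (%.2f bits/byte)" % ent
    return None


def scan_tree(root) -> List[Tuple[str, str]]:
    """Walk a share and return (relative path, reason) for suspicious files."""
    root = Path(root)
    findings = []
    for p in sorted(root.rglob("*")):
        if p.is_file():
            reason = classify_file(p)
            if reason:
                findings.append((str(p.relative_to(root)), reason))
    return findings


def build_sample_tree() -> Path:
    """Constructed sample share: two intact files, two encrypted ones, one note."""
    root = Path(tempfile.mkdtemp(prefix="share_"))
    rng = random.Random(2014)
    ciphertext = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    (root / "report.docx").write_bytes(b"PK\x03\x04" + b"word/document.xml " * 200)
    (root / "notes.txt").write_text("quarterly notes: review backups\n" * 100)
    (root / "budget.xlsx").write_bytes(ciphertext(4096))   # overwritten, header gone
    (root / "memo.txt").write_bytes(ciphertext(4096))      # overwritten, no header to check
    (root / "DECRYPT_INSTRUCTION.TXT").write_text("Your files have been encrypted.\n")
    return root


if __name__ == "__main__":
    share = build_sample_tree()
    for rel, why in scan_tree(share):
        print("%-28s %s" % (rel, why))
```

To use it on a real incident, point `scan_tree()` at the mounted share instead of the constructed sample. Two design choices matter: files with a recognised header are judged by that header only, because compressed formats such as .docx and .jpg are high-entropy by nature and would otherwise be flagged; and everything else falls back to entropy, which is what catches an encrypted .txt that kept its name. Run the same scan over the most recent backup set before restoring from it, since a backup taken after the infection began will contain the ciphertext rather than the originals.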
Just this summer, the authorities took down the servers behind a similar piece of ransomware called CryptoLocker. Law enforcement may eventually catch up with these operators, but by then the damage is already done. How up to date is your security policy?