October 28, 2014

Alert: New CryptoWall Virus is Spreading

According to industry security experts, there has been a surge in CryptoWall ransomware attacks this month, coinciding with new malware that is being spread through advertising networks. Unfortunately, a few of our clients have already experienced issues with this newer virus.

What is Ransomware and CryptoWall?

Ransomware is a type of malicious software that infects a computer and restricts access to it until a ransom is paid to unlock it. This type of malware has been observed for several years and is typically spread through phishing emails that contain malicious attachments and through unsuspected downloads. Ransom has sometimes been demanded in virtual currency such as Bitcoin. Learn more by reading Alert (TA14-295A), released by the United States Computer Emergency Readiness Team (US-CERT).


CryptoWall 2.0 is an October 2014 update of the original file-encrypting ransomware program, which was released in April 2014 and targets all versions of Windows. CryptoWall scans your computer for data files and encrypts them, rendering them unopenable. Once the virus has encrypted the files on your computer, it opens a window with instructions on how to access the Decryption Service, where you are required to pay a ransom to purchase the corrective program.

This newer version of CryptoWall has been modified to bypass anti-virus and anti-malware programs, making it more difficult to detect quickly. The virus can arrive as an e-mail link or attachment, but it can also be downloaded from an infected website, screensaver, advertisement, etc.

Once a workstation is infected, it will search all shared drives and resources before encrypting all network files and the attached drive. Virus and malware scans are unable to find the original infected file because it is a signed application rather than a virus.

The best defense against a ransomware attack is to take precautions well in advance of an attack. 

Ten preventative measures to protect your computer network now.

  1. Direct system users to Java and Adobe to update their Java software and Adobe Flash Player. This is the best way to prevent the new advertising-driven CryptoWall ransomware. Let users know that they should ignore any notifications "to update Java or Adobe" that they receive.
  2. Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline. Make sure that users log off their systems before leaving work to ensure that files are not left open and unable to be backed up.
  3. Your company should have an up-to-date, multi-layered security screen in place including security services on a hardware router, a gateway firewall, anti-spam software and anti-virus software.
  4. Keep your operating system and software up-to-date with the latest patches.
  5. Avoid having users defined as members of the Local Administrators Group on their desktop and/or laptop PCs.
  6. Consider implementing Software Restriction Policies (SRPs) that allow you to control or prevent the execution of certain programs through the use of Group Policy. You can use SRPs to block executable files from running in the specific user-space areas that the virus launches from. (This is best put in place by an IT system admin or security professional.)
  7. Computer security programs do not provide an absolute shield. The most important defense is the care taken by employees, which is a function of training and an attitude of vigilance regarding electronic communications, website usage, downloading, etc. Consider ongoing communications with employees to educate and remind them of safe practices.
  8. Advise employees not to follow unsolicited web links in emails. Refer to the Security Tip document "Avoiding Social Engineering and Phishing Attacks" for more information on social engineering attacks.
  9. System users should use caution when opening email attachments. For more information on safely handling email attachments, see Recognizing and Avoiding Email Scams.
  10. All employees should follow safe practices when browsing the web. See Good Security Habits and Safeguarding Your Data for additional details to share.
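
For item 6, an administrator can check what SRP path rules are actually in force on a workstation. The script below is an added example, not part of the original article: it reads the registry location where Windows stores machine-wide SRP settings and reports whether any Disallowed path rule exists under each user-space folder. The folders in `$UserSpace` are assumptions chosen for illustration, since the article does not name the folders to block.

```powershell
# Added example: read-only audit of Software Restriction Policy (SRP) path rules.
# ASSUMPTION: these user-writable folders are illustrative; the article does not
# name the folders to block. They expand for the account running the script.
$UserSpace = @('%AppData%', '%LocalAppData%')

# Machine-wide SRP settings applied through Group Policy are stored under this key.
$Root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
# Security-level subkeys that hold path rules: 0 = Disallowed, 262144 = Unrestricted.
$Levels = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }

function Get-SrpPathRule {
    foreach ($level in $Levels.Keys) {
        $pathsKey = Join-Path $Root "$level\Paths"
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem $pathsKey) {
            $props = Get-ItemProperty -Path $rule.PSPath
            [pscustomobject]@{
                Level = $Levels[$level]
                # Get-ItemProperty expands REG_EXPAND_SZ; expand plain strings too.
                Path  = [Environment]::ExpandEnvironmentVariables([string]$props.ItemData)
            }
        }
    }
}

if (-not (Test-Path $Root)) {
    Write-Output 'No machine-wide SRP policy is configured.'
    return
}

# DefaultLevel 262144 = everything runs unless a rule blocks it; 0 = default deny.
$default = (Get-ItemProperty -Path $Root).DefaultLevel
Write-Output "Default security level: $default"

$rules = @(Get-SrpPathRule)
foreach ($dir in $UserSpace) {
    $prefix = [Environment]::ExpandEnvironmentVariables($dir)
    $hits = @($rules | Where-Object {
        $_.Level -eq 'Disallowed' -and
        $_.Path.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)
    })
    if ($hits.Count -eq 0) {
        Write-Output "GAP: no Disallowed path rule under $dir ($prefix)"
    } else {
        $hits | ForEach-Object { Write-Output "OK:  $dir has Disallowed rule $($_.Path)" }
    }
}
```

A "GAP" line means no rule was found beneath that folder for the account running the script; it does not evaluate wildcard coverage or per-user policy.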

 

If you happen to open a file or link and think that you have an active infection, it is important to work quickly. Encryption takes time, and you may notice that your computer is running slower or that programs are not running properly. Your best defense is to turn off your computer and disconnect backup/network or shared server drives, as this will end the encryption process and limit or prevent the situation from spreading to other connected devices. From this point on it is not a do-it-yourself project. Seek competent professional help.

Main take-away of this article: If it is free and not from a reputable vendor, do not download it. If the e-mail looks even a little suspicious, do not open it. When in doubt, delete it or ask an IT professional about it first.

Visit our website's Data Security and Backup page for more information and helpful links.

 
