Dangerous New VIRUS

There is a dangerous virus called ransomware that is hitting many business customers. It has hit several Stablenet customers, and the frequency of the exploits seems to be increasing. The infection generally arrives in one of two ways: 1) users click hyperlinks (or open attachments) in shipping emails that are actually viruses, or 2) attacks exploit older, vulnerable versions of Java that haven’t been patched with the latest updates. The attacker then installs an application on the PC, which does not require administrator rights, and goes after its real target: your primary data files. It looks for any Microsoft Office document or database file and encrypts it with the attacker’s key. It also searches across the company’s network for Office or database files and encrypts them, too. If you have mapped drives, it will encrypt all of those files on the server to which your PC is mapped. Then it displays a message on the screen asking for payment to decrypt the files (Figure 1). You will either have to pay the ransom or delete the encrypted files and replace them with a recent valid backup.

Note: New variants and copycats of the CryptoLocker ransomware appear every day. Some of the known variants are CryptoWall, CryptoDefense, and CryptorBit, and the list is growing.

How do you protect yourself? Do not click on links in emails or open attachments from unknown persons. Note in Figure 2 below that the email says it’s from UPS, but the “From” address is in a foreign country’s domain. If you mouse over the link, you will see that it takes you to a site other than UPS. With recent valid backups, you can delete the encrypted files and restore them as a disaster recovery measure should you get infected.

(Figure 1)

Virus Example 2

(Figure 2)

Virus Example UPS
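
The two checks described for the UPS email (the sender's domain and where the link really goes) can be automated at a mail gateway or in a triage script. The following is an added example, not part of the original advisory; the brand-to-domain table, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_DOMAINS = {"ups": {"ups.com"}}  # assumption: domains each brand really uses
# Constructed sample message; example.ru and example.net are placeholders.
SAMPLE = """\
From: "UPS Quantum View" <tracking@mail.example.ru>
Subject: UPS Delivery Notification

<p>Your parcel could not be delivered.
<a href="http://files.example.net/label">https://www.ups.com/track</a></p>
"""

class LinkCollector(HTMLParser):  # gathers (link host, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            self.links.append((urlparse(self._href).hostname, text))
            self._href = None

def in_domains(host, domains):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def check_message(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2]
    collector, findings = LinkCollector(), []
    collector.feed(msg.get_payload())
    for brand, domains in BRAND_DOMAINS.items():
        named = re.compile(rf"\b{re.escape(brand)}\b", re.I)
        if named.search(name) and not in_domains(sender, domains):
            findings.append(("sender", brand, sender))  # display name vs. From domain
        for host, text in collector.links:
            if named.search(text) and not in_domains(host, domains):
                findings.append(("link", brand, host))  # shown text vs. real target
    return findings
```

Running `check_message(SAMPLE)` reports both mismatches; a message sent from the brand's own domain with links to that domain returns an empty list.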