SUPPORT ADVICE ON RANSOMWARE MALWARE
- June 23, 2015
We have encountered new and destructive viruses disguised as semi-legitimate email.
Advise your team to be vigilant when opening emails from unknown sources. Once opened, the CryptoLocker ransomware immediately encrypts files on the user’s computer and network drives. Ransomware encryption can be time-consuming and costly to resolve.
INFECTED EMAILS HAVE A VARIETY OF HEADINGS INCLUDING:
- Infringement Notice – (this version has fooled many users as at first sight it appears genuine)
- Notification from Financial Institute
- Resume Offering – (a simple 5-line email offering a resume)
Commandacom provides anti-virus and backup audits to identify security and restoration vulnerabilities within your IT systems.
WHAT IS RANSOMWARE?
Ransomware is malicious software that denies you access to your computer or files until you pay a ransom.
There are two types of ransomware that our engineers are commonly seeing:
- Encrypts personal files/folders (e.g., the contents of your My Documents folder – documents, spreadsheets, pictures, videos). Files are deleted once they are encrypted, and generally there is a text file in the same folder as the now-inaccessible files with instructions for payment. You may see a lock screen, but not all variants show one. Instead, you may only notice a problem when you attempt to open your files. This type is called ‘file encryptor’ ransomware. For example, CryptoLocker is a file encryptor that Sophos Anti-Virus detects as Troj/Ransom-ACP.
- ‘Locks’ the screen (presents a full screen image that blocks all other windows) and demands payment. No personal files are encrypted.
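The file-encryptor symptom described above (now-inaccessible files sitting beside a text file) can be swept for on a file share. The following is an added example, not Commandacom's or Sophos's code; the thresholds, the header list and the function names are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Assumed thresholds and signatures for this sketch; tune for your own file shares.
ENTROPY_BITS = 7.5        # bits per byte; encrypted data sits close to 8.0
SAMPLE_BYTES = 4096       # only the start of each file is read
MIN_SUSPECT_FILES = 3     # ignore folders with just one or two odd files
# Formats that are legitimately compressed (high entropy) but start with a known header.
KNOWN_MAGIC = (b"PK\x03\x04", b"\xff\xd8\xff", b"\x89PNG", b"%PDF", b"GIF8", b"\x1f\x8b")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_encrypted(path: str) -> bool:
    """True if the file's first bytes are near-random and carry no known header."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(SAMPLE_BYTES)
    except OSError:
        return False  # unreadable file: skip it rather than abort the sweep
    if len(head) < 256 or head.startswith(KNOWN_MAGIC):
        return False  # too small to judge, or a recognised compressed format
    return shannon_entropy(head) >= ENTROPY_BITS


def suspect_folders(root: str) -> dict:
    """Map folder -> near-random files, for folders that also hold a .txt file."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        has_text_note = any(name.lower().endswith(".txt") for name in files)
        random_looking = sorted(
            name for name in files if looks_encrypted(os.path.join(folder, name))
        )
        if has_text_note and len(random_looking) >= MIN_SUSPECT_FILES:
            hits[folder] = random_looking
    return hits
```

A hit is a prompt to inspect the folder and confirm backups, not proof of infection: legitimately encrypted or unrecognised compressed files will also match.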
Which operating systems are susceptible to this type of attack?
As with a lot of malware, the majority of ransomware is targeted at the Microsoft Windows operating system.