We don’t normally blog about negative parts of our industry, but last week saw a huge spike in the activity for this incredibly harmful malware variant.

I won’t bore you with the nitty gritty details of the virus, but please heed this as a serious warning. The rate of infection for Crypto variants is on the increase and it can devastate a business if you are not protected. In every instance we have heard and seen of it, an email arrives with a zip file attachment, the user opens the zip file and runs the exe inside of it, infecting the machine. Not all AV solutions are able to catch all variants. Australia is being smashed with this virus right now. Please be careful. Here’s a summary.

 

Crypto Wall / Locker Malware

What does it do?

  • Runs from the infected computer and encrypts all files it finds on the network as well as local files on the PC that’s infected. (Encryption is like a fancy password locking the files, which no one but the people who made it can remove.)
  • As it encrypts all files, you will no longer be able to open your files. (Includes photos, PDFs, doc and xls files and more)
  • You are then held to ransom by the criminals to pay them approx $700 AUD to remove the encryption

What can I do?

  • Restore all of your files from backup, ignore the threat.
  • Pay the ransom (which isn’t an easy task either, you must pay in bitcoins, and I am sure you are funding a criminal organisation)
  • Run malware cleaning tools such as Malwarebytes to get rid of the malware, or if you are very cautious, reload your PC from scratch to be extra sure.

Does paying the ransom work?

In the research we have done, by all accounts, yes, it does work, but don’t hold us to that. Surely the authorities will close down the payment method at some stage, which may stop it from working. The only true method is restoring from backup.

That’s OK, I have a backup on an external hard drive

Congratulations, that’s great. Now, is the drive plugged into your PC all the time? If it is, then you are in trouble. Crypto will encrypt the files in your backup as well. Have at least 2 drives with an air gap between one of the drives at all times.

It’s all good, I use Dropbox to store files

Don’t be so sure. Crypto can encrypt files on a mapped Dropbox drive.

 

To our valued customers, friends and family, please read the following list of things we know to help reduce your chances of getting this nasty bug.

  1. Have at least 2 backups on 2 drives with an air gap between one of the drives at all times.
  2. DON’T EVER open zip files from attachments
  3. DON’T EVER open emails that look like they are coming from banks, Australia Post, FedEx, PayPal, and other large companies who you may be dealing with at the time. This virus is socially engineered to trick you. Just don’t open them.
  4. Inform all of your friends, family and colleagues of this virus, and educate staff to never open emails they don’t know about. If you think it’s important, call the person who sent it and say: why did you send a zip file, can you send me the files without being in a zip file? (Zip files are dead, stop using them within email)
  5. Download the free version of Malwarebytes, install it and do a scan. You never know what it will pick up. It won’t stop you getting it, but it will help you get rid of it.
  6. Make sure you have a decent AV and internet security program. (Although don’t trust these; they may help and may not.)
  7. Did I mention backups? Well, I will mention them again. Hard drives are cheap. You have no reason to ever lose data when you can buy a 1 TB drive for $80. Buy heaps, back up all the time. Oh yeah, and one final note. TEST YOUR BACKUP. So important.

If your business has been affected by cryptolocker and cryptowall malware, we are experienced in removing it, restoring your files and dealing with the situation. Call us on 0740514200 to speak to a business IT Specialist.