Sydney Outsourced IT Services Blog
Earlier this year, a new type of ransomware appeared on the scene: a variant of the threat known as CryptoLocker. The infection starts when a user opens a malicious email attachment or clicks a link that installs the malware; no software vulnerability is needed, only a user who runs the file. Once running, it finds the user's documents, encrypts them with strong encryption and then demands money for the key that unlocks them.
Because it encrypts every file the infected machine can write to, including mapped network shares, one infected workstation can lock files on the servers it is attached to, leaving them inaccessible to you and everyone else who uses your network. Interestingly, the files CryptoLocker goes after are not the ones most home users would consider important.
CryptoLocker targets files with extensions such as odt, doc, docx, xls, ppt, xlsx, pptx, mdb, accdb, rtf, mdf, dbf, psd, pdd, jpg, srf, sr2, bay, crw and so on: in other words, the documents, databases and images that are usually very valuable to businesses, which suggests that the threat is designed with organisations in mind.
Once encryption has completed, a notice appears demanding a $300 "ransom" within 72 hours of the original encryption in return for the key needed to decrypt your files.
Some organisations report that paying the ransom does produce a working key, but there is no guarantee of it, payment funds the criminals behind the campaign, and if you miss the deadline the malware removes itself and takes the only route to the key with it, leaving the files permanently lost. Antivirus vendors can remove the malware itself, but they cannot undo the damage: the private key needed to decrypt the files is held on the attackers' servers and never lands on the victim's machine. The only reliable way to recover is to restore the files from a backup the malware could not reach.
There are, however, a few habits that make this attack much less likely to succeed. Remind all users on your network of the following:
- Do not click a link or open an attachment in an email unless you are certain it comes from a trusted source. If an email looks even slightly suspicious, it probably is.
- Be careful with files that have a double extension such as .txt.vb or .jpg.exe. By default Windows hides the extension of known file types, so Paint.exe appears simply as Paint; a double extension exploits this by hiding the second, dangerous extension and leaving you reassured by the harmless first one. If a file of a common type suddenly shows its extension when others do not, right-click it, select Properties and read the full file name. Often you will be surprised by what its real extension is. Better still, turn off "Hide extensions for known file types" in Folder Options so every extension is always visible.
- If you use an email client such as Outlook or Thunderbird, make sure images and other remote content are not downloaded automatically. These clients can fetch pictures and render attachment previews for convenience, which removes your chance to decide whether a file is safe before it is opened. In Outlook, open Options (from the File menu or the Office button, depending on your version), click Trust Center in the left-hand menu, then Trust Center Settings, and make sure the option "Don't download pictures automatically in HTML e-mail messages or RSS items" is ticked.
- Be wary of unexpected emails from companies. If an email appears to come from a company you trust but asks for information or urges you to run a file, do not act on the email: log into your account on the company's own website and look for the notification there. Scammers know which companies you trust and copy their email style to catch you off guard.
- Be cautious with USB drives. When you plug someone else's USB drive into your computer, the drive itself can carry an infection, regardless of the file you intended to share. Prefer a managed network share or an approved file-transfer service for moving files between computers, and if you must use a USB drive, scan it first and make sure AutoPlay is disabled.
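The two Windows settings behind the double-extension and USB tips above can be applied with a short script rather than clicked through per machine. The following is an added example written for this page, not code from the original post: it makes Explorer show every file extension, disables AutoRun for all drive types, and then scans a folder (assumed here to be the user's Downloads folder, or whatever path is passed in as $ScanPath) for files whose name pretends to be a document or picture but whose real extension is executable. The list of decoy and payload extensions in $decoy and $payload is an assumption built from the examples in the post plus the common Windows executable types.

```powershell
# Added example (not from the original post): harden a Windows workstation against
# disguised double extensions and auto-launching USB drives, then flag suspicious files.
# Assumptions: run in PowerShell on Windows 7 or later as the user being protected;
# $ScanPath is a folder or mapped share you want to check (default: Downloads).

param([string]$ScanPath = "$env:USERPROFILE\Downloads")

# 1. Make Explorer show every extension, so "invoice.pdf.exe" no longer displays as "invoice.pdf".
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $advanced -Name 'HideFileExt' -Value 0 -Type DWord

# 2. Turn off AutoRun/AutoPlay for all drive types (bitmask 0xFF), so plugging in a
#    USB drive cannot launch anything by itself.
$policies = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $policies)) { New-Item -Path $policies -Force | Out-Null }
Set-ItemProperty -Path $policies -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord

# Explorer reads these values when it starts, so restart it for the change to take effect.
Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
Start-Process explorer

# 3. Find files whose visible name looks like a document or picture but whose real
#    (last) extension is something Windows will execute. Both lists are assumptions
#    for this example and can be extended.
$decoy   = 'txt|pdf|doc|docx|xls|xlsx|ppt|pptx|jpg|jpeg|png|zip'
$payload = 'exe|scr|com|pif|bat|cmd|vb|vbs|js|jse|wsf|hta'
$pattern = "\.($decoy)\.($payload)$"

Get-ChildItem -Path $ScanPath -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -imatch $pattern } |
    ForEach-Object {
        [pscustomobject]@{
            DisplayedAs   = $_.BaseName      # what a user with hidden extensions would see
            RealExtension = $_.Extension     # what actually runs when it is double-clicked
            FullPath      = $_.FullName
            Modified      = $_.LastWriteTime
        }
    } | Format-Table -AutoSize
```

The registry values are written under HKCU, so they protect the current user only; to enforce them for every account on the machine, set the same values under the corresponding HKLM policy keys, or push them through Group Policy. The scan is a quick check for a mailbox download folder or a shared drive, not a replacement for antivirus: a file named with a single, genuine .exe extension is not caught by it, which is exactly why users should also be told never to run attachments they did not expect.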
As most organisations know, malware and ransomware infections happen and can leave a computer or its files unusable. Back up important files regularly, keep at least one copy somewhere the workstation cannot write to (an offline drive, or a backup service that keeps previous versions), since a backup on a mapped share will simply be encrypted along with everything else; test that a restore actually works; and make sure your colleagues are aware of the risks.