Ransomware + Virus = Major Problem

We have warned previously about the CryptoLocker/CryptoWall ransomware exploit, which begins with a phishing email designed to look like a past due invoice or a tax notice.  Opening the ZIP attachment would install encryption software which would render your files unusable without the encryption key, which the perpetrators would graciously sell you for amounts beginning at $200 and going up from there.  How much depends on the value of your stuff and your apparent ability to pay.  Personally, I have seen amounts as high as $1000, but heard about large companies having to pay in the tens of thousands of dollars.

Well, there is a new variant of this exploit that includes an old-style virus component.  The virus part allows this exploit to infect many parts of your system, and spread to other systems you are connected to on a network.  If left unchecked, this can spread across an entire company.

Because it infects so many files in a computer, it is hard to remove.  The only safe path back is to pay the ransom (really, how safe is this going to be?) or to wipe the drive and reinstall the operating system and applications from scratch, and restore your personal files from a good backup.

So what can you do?  Firstly, quit opening file attachments and clicking on links in emails without first verifying the source.  Many of these emails are described on the web, and a quick Google search will let you know whether an email is part of a scam.  Or check out the attachment or link on VirusTotal.
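One way to check a ZIP attachment before anyone opens it, as an added example that is not part of the original post: the script lists the archive's members without extracting them, flags file types that run when double-clicked, and computes the SHA-256 hash you can paste into the VirusTotal search box. The extension list, function names and sample file names are assumptions made for illustration, and the sample archives are constructed with harmless content.

```python
import hashlib
import io
import zipfile

# Extensions that run code when double-clicked on Windows (assumed, non-exhaustive list).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf",
                    ".bat", ".cmd", ".pif", ".com", ".lnk", ".hta"}


def sha256_hex(data: bytes) -> str:
    """Hash to search for on VirusTotal instead of uploading the file itself."""
    return hashlib.sha256(data).hexdigest()


def triage_zip(data: bytes) -> dict:
    """Inspect a ZIP attachment's member names without extracting or opening them."""
    report = {"sha256": sha256_hex(data), "members": [], "suspicious": []}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            name = info.filename
            base = name.rsplit("/", 1)[-1].lower().rstrip(". ")
            ext = "." + base.rsplit(".", 1)[1] if "." in base else ""
            report["members"].append(name)
            reasons = []
            if ext in RISKY_EXTENSIONS:
                reasons.append("executable type " + ext)
                # "Invoice.pdf.exe" displays as "Invoice.pdf" when Windows hides extensions.
                if base.count(".") >= 2:
                    reasons.append("double extension")
            if info.flag_bits & 0x1:  # bit 0 of the ZIP flags marks an encrypted member
                reasons.append("password-protected, scanners cannot inspect it")
            if reasons:
                report["suspicious"].append((name, reasons))
    return report


def build_sample_zip(member_name: str) -> bytes:
    """Constructed sample: a harmless text payload stored under the given name."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr(member_name, b"harmless placeholder, not malware")
    return buffer.getvalue()


if __name__ == "__main__":
    for member in ("Invoice.pdf.exe", "Invoice.pdf"):
        result = triage_zip(build_sample_zip(member))
        print(member, result["sha256"][:16], result["suspicious"])
```

A clean result here only means the names look ordinary; a hash that VirusTotal has never seen is not proof the file is safe, so verifying the sender still comes first.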

Of course, you need to have a backup procedure in place too, for so many good reasons, not just this one.  If you are not backing up your personal files and work product then you are just simply playing Russian roulette with your business.

For more information:

Silicon Beat
Infosec Island


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
