Cryptolocker “Ransomware” is Malware That’s Playing for Keeps

By: Dan Bremner

If you’re the type of person that usually skims or skips over our newsletters and blog posts, pay attention to this one. I know, I know…malware…encryption…blah blah blah…security…threat…eyes glaze over…I’m with you. But listen up!

The best way to explain this might be an analogy. If your computer was a house, various types of malware attack your house in different ways. Some will throw eggs or paint graffiti on it. Adware will do the equivalent of posting billboards along all the walls in your house. One might cut your main power line. Another will steal your wallet from your dresser. Botnets will steal resources - like plugging a long extension cord into your outside power outlet, using your electricity and leaving you with the bill. They'll also leave a back door unlocked to come in and make other mischief later.

Last week, we ran across some of the most malicious malware infections we've yet seen, called Cryptolocker. This "ransomware" takes it to another level. To extend the analogy, it steals all the stuff in your house, from your financial records, to your CD collection, your photo albums, jewelry, letters, resumes, etc. and locks them in an unbreakable safe. Then it demands money from you and promises to give you the combination to the safe once you've handed over your money. The first version demanded $100, while the latest version has upped the demand to $300. For more info on the threat, check these pages.

[If you go to the Reddit post, be forewarned that some of the comments below the main post have a few choice words that some may consider NSFW.]

As of this writing, the anti-virus makers are having a hard time keeping up with this particular pest.

Most malware, while it ranges from annoying to dangerous, doesn't do permanent damage to your files once the infection has been removed. Even if you have to wipe your hard drive and reinstall, at least you can take out the drive and copy the data on it to another system before you wipe it. That's not the case here, as the malware finds your personal files on your system, and wraps them in strong encryption, then demands money from you to decrypt them. Even a backup to a USB drive connected to the computer might not be safe, because the malware could see the attached USB drive and do the same damage to your backups. Same with attached network drives. Yes, that means one infected user could encrypt every file on your server (at least the ones the user has write access to).
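To make the point about shares and backups concrete, here is an added example (my own, not code from the original post or from any vendor tool) that walks a backup folder or mapped drive and flags files whose contents look like ciphertext rather than a normal document. The 7.5 bits/byte threshold, the list of compressed formats it ignores, and the three sample files are assumptions made for the demonstration.

```python
import math
import os
import tempfile
from collections import Counter

# Assumed threshold: plain documents sit far below 7.5 bits/byte, ciphertext near 8.0.
ENTROPY_THRESHOLD = 7.5
# Formats that are compressed by design and therefore high-entropy even when healthy.
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\xff\xd8\xff", b"%PDF", b"\x89PNG")

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; 8.0 is the ceiling for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data: bytes) -> str:
    """'ciphertext-like', 'compressed' (known container, skipped) or 'plain'."""
    if data.startswith(COMPRESSED_MAGIC):
        return "compressed"
    return "ciphertext-like" if shannon_entropy(data) >= ENTROPY_THRESHOLD else "plain"

def scan_tree(root: str, sample_bytes: int = 4096) -> dict:
    """Walk a share or backup and bucket each file by how its first bytes look."""
    buckets = {"ciphertext-like": [], "compressed": [], "plain": []}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                buckets[classify(f.read(sample_bytes))].append(os.path.relpath(path, root))
    return {kind: sorted(paths) for kind, paths in buckets.items()}

def demo() -> dict:
    """Constructed sample share: a plain letter, a healthy PDF stub, and a spreadsheet
    overwritten with random bytes standing in for a Cryptolocker-encrypted file."""
    with tempfile.TemporaryDirectory() as share:
        with open(os.path.join(share, "letter.txt"), "w") as f:
            f.write("Dear Sir or Madam, please find enclosed ... \n" * 100)
        with open(os.path.join(share, "invoice.pdf"), "wb") as f:
            f.write(b"%PDF-1.4\n" + os.urandom(2000))
        with open(os.path.join(share, "taxes.xls"), "wb") as f:
            f.write(os.urandom(4096))  # stands in for an encrypted document
        return scan_tree(share)

if __name__ == "__main__":
    print(demo())
```

A single high-entropy file proves little on its own; the signal worth alerting on is many files across a share flipping to ciphertext-like in a short window, which is also a good reason to keep backups offline or on a drive the infected user cannot write to.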

So far, the primary method of infection seems to be the so-called "social engineering" model. Namely, send someone an email and get them to open the attachment. Something about disputed charges has been reported as the subject of at least one of the emails. It still amazes me how many people are willing to open questionable email attachments. PLEASE, don't open email attachments that you're not 100% sure are legitimate. If there's a 1% doubt, don't open it. Back to our analogy, in this case the thief comes to the front door, asking to enter, and by double-clicking that attachment, you're inviting him in to help himself to your stuff. That isn't the only method, as some PCs that were already infected with a botnet are having this delivered to them through their previous infection.

As always, if you aren’t sure about a particular message, call us. Or call the person that sent it to you and verify it. No one has reported getting a virus through a phone call yet.
