

Sensible Alert - New CryptoWall Ransomware Trojan Alert!

August 19, 2014
Author: Kevin Spanner

You may remember that I sent an alert a few months ago about the latest threat in "viruses": ransomware like CryptoLocker.

Well, they're back with a vengeance!

A brand new breed, called CryptoWall, has been detected in the wild and is hitting corporate clients.

The new version has a distinctly Australian flavour.

This new Trojan arrives as a seemingly innocuous email like the one below, with your real name in the body of the email.

When you click on the suggested link, it immediately starts to encrypt all files you have access to on your computer and on the network.

As I have outlined previously, the best antivirus software programs are always playing catch-up after the initial release of a new threat.

So, the best defence is always best practice (see my suggestions below).

Please pass this warning on to your colleagues.

Why should businesses care?

The virus attacks all drives the computer can see, including Dropbox folders, USB drives and network drives to the office (locally or over a VPN)!

Imagine if all of your business's files were totally encrypted!

How do I get infected?

This infection is typically spread through emails sent to company email addresses that pretend to be customer support issues or invoice demands from reputable courier companies. These emails contain a link or an attachment that, when opened, automatically infects the computer.

Once infected, the Trojan begins encrypting your data.

Trojans typically do not spread to other computers.

What Should I Do to Prevent Infection?

Best practices:

  1. Never open emails from people you don't know.
  2. Never open attachments or click on links directly from emails unless you are expecting them.
  3. Large organisations do not usually send you links or attachments in emails. They ask you to log on normally to their website and proceed from there.
  4. Ensure you have continual backups that:
    1. Are automatic (you never know when a virus may hit)
    2. Allow for multiple file versions (your last backup may be infected)
    3. Go back more than a few months (you don't always know how long you have been infected)
  5. Ensure your antivirus software is business grade and continually monitored so you know it is up to date with all the latest patches and patterns. (Remember, the bad guys are always motivated to get one step ahead.)
  6. Ensure you only log in to your computer or network with the least amount of privileges you need to get your normal job done. Remember, viruses inherit your privileges. If your login can connect to other computers and servers and make changes – so can the virus. This is one reason why we normally lock down networks we manage.
  7. Ensure your technology provider has implemented some preventative mechanisms that stop any trojan from activating.
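The three backup criteria in the list above (automatic, multiple versions, history of more than a few months) can be checked mechanically. The following is an added example, not part of the original alert: the snapshot naming (`backup-YYYY-MM-DD`), the thresholds and the sample listings are all assumptions constructed for illustration.

```python
import re
from datetime import date, timedelta

# Assumed thresholds; the alert itself only says "more than a few months".
MAX_GAP = timedelta(days=1)        # automatic: a backup every day...
RECENT = timedelta(days=14)        # ...checked over the last two weeks
MIN_VERSIONS = 2                   # more than one restore point
MIN_HISTORY = timedelta(days=90)   # oldest copy predates a slow infection

def snapshot_dates(names):
    """Extract dates from snapshot names like 'backup-2014-08-18' (assumed naming)."""
    found = set()
    for name in names:
        m = re.search(r"(\d{4})-(\d{2})-(\d{2})", name)
        try:
            if m:
                found.add(date(*map(int, m.groups())))
        except ValueError:
            continue  # digits that do not form a real calendar date
    return sorted(found)

def audit_backups(names, today):
    """Return findings against the three criteria; an empty list means all pass."""
    dates = snapshot_dates(names)
    if not dates:
        return ["no backups found"]
    findings = []
    # 1. Automatic: the recent schedule, up to today, has no holes.
    recent = ([d for d in dates if today - d <= RECENT] or dates[-1:]) + [today]
    for a, b in zip(recent, recent[1:]):
        if b - a > MAX_GAP:
            findings.append(f"automatic: no backup between {a} and {b}")
    # 2. Multiple versions: the newest copy may already hold encrypted files.
    if len(dates) < MIN_VERSIONS:
        findings.append(f"versions: only {len(dates)} restore point(s)")
    # 3. History: the oldest copy must reach back past the threshold.
    age = (today - dates[0]).days
    if today - dates[0] <= MIN_HISTORY:
        findings.append(f"history: oldest backup is only {age} days old")
    return findings

# Constructed sample listings (not real data).
TODAY = date(2014, 8, 19)
GOOD = [f"backup-{TODAY - timedelta(days=n)}"
        for n in list(range(15)) + [30, 60, 120, 180]]
BAD = ["backup-2014-08-14", "backup-2014-08-13", "notes.txt"]

if __name__ == "__main__":
    for label, listing in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_backups(listing, TODAY) or "all criteria met")
```

Point `audit_backups` at a real listing by passing the folder names from wherever your backup product stores its restore points.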

What Should I Do If I am Infected?

  1. Immediately disconnect from any wireless or wired network or VPN.
  2. Power off your PC.
  3. Change all of your key passwords, including those for internet banking.
  4. Call your IT service provider and expect immediate support.
  5. Do not restore files until you are sure the malware has been totally removed. It often contains self-healing technology.
  6. If you have good backups, don't ever pay the ransom!
  7. Be patient – this will take some time to repair, and you will lose a good deal of productivity whilst this happens.

Note: All of our Fully Managed Clients already have the latest preventative measures in place.

