Many of us have heard of spyware or malware, programs that try to sell you unnecessary software or pry your credit card details from you. In the last few months we have seen an alarming increase in what is being called ransomware.
How are users affected?
CryptoLocker is normally delivered as a file attached to an email as a .ZIP file. Common email subjects are round payroll or online banking alerts, parcel delivery dockets (DHL) and other subjects that might encourage the recipient to open the email and then the attached file. Once opened, the ransomware will start looking for files and encrypting these. These include local files on the pc, any network drives on the server and cloud storage (office365 or Dropbox). You are then presented with the following prompt asking for a payment to unencrypt the files.
What do I do if my computer is infected?
Disconnect your computer from the internet immediately by removing your network cable or turning off the wireless connection. Better yet, shut the computer down.
Call Kinetics immediately!
We will remove the ransomware and the recover your files from your last backup.
Why does my Antivirus not protect from this?
By opening the attachment and running it you are giving the program permission to run. Your antivirus see this as an indication you trust the program and allows it to install.
How can I defend against ransomware?
- Educate all your users on the following – (perhaps send out a company company wide memo)
- Do not open any emails from people you do not know.
- Do not open any strange attachments you receive.
- If you have any doubt about and email, call Kinetics.
- Ensure your backups are working – any clients on our KARE programs have their backups monitored and checked daily.