CryptoWall - A New Virus Spreading Pain

Posted in Information Technology Blog

CryptoWall has been out for over a month, and it's a devastating virus that will encrypt (destroy) all of your Word documents, Excel spreadsheets, PDFs, etc. The virus will first go through your personal computer destroying the above files, and then it will go through your network destroying files there. There is no ready process to un-encrypt files once they have been encrypted. The only alternative is to find the infected computer, clean it and then restore the destroyed files from a backup.

CryptoWare is from the same cyber criminals who created CryptoLocker. The cyber thieves are classifying it as "RansomWare", demanding money to un-encrypt your files. Paying the ransom will likely add insult to injury, leaving you out the ransom you paid and with a computer/server full of worthless files.

Because of the changing nature of this virus, most anti-virus programs will not stop it, so you can’t rely on them to protect you. Your first line of defense is you.

Generally this virus will come to you in an email with a .zip attachment but I’m sure they’re staying up nights trying to figure out other methods of delivery, i.e., infected web sites.

The current list of known CryptoLocker and CryptoWall email subjects includes but is not limited to:

USPS - Your package is available for pickup ( Parcel 173145820507 )
USPS - Missed package delivery ("USPS Express Services")
USPS - Missed package delivery  
FW: Invoice <random number>
ADP payroll: Account Charge Alert        
ACH Notification ("ADP Payroll" <*@adp.com>)
ADP Reference #09903824430       
Payroll Received by Intuit
Important - attached form  
FW: Last Month Remit
McAfee Always On Protection Reactivation      
Scanned Image from a Xerox WorkCentre
Scan from a Xerox WorkCentre    
scanned from Xerox
Annual Form - Authorization to Use Privately Owned Vehicle on State Business
Fwd: IMG01041_6706015_m.zip
My resume   
New Voicemail Message
Voice Message from Unknown (675-685-3476)  
Voice Message from Unknown Caller (344-846-4458)
Important - New Outlook Settings           
Scan Data
FW: Payment Advice - Advice Ref:[gb293037313703] / ACH credits / Customer Ref:[pay run 14/11/13]            
Payment Advice - Advice Ref:[gb2198767]
New contract agreement.   
Important Notice - Incoming Money Transfer
Notice of underreported income  
Notice of unreported income -
Last month’s reports
Payment Overdue - Please respond        
FW: Check copy
Payroll Invoice        
USBANK
Corporate eFax message from "random phone #" - 8 pages (random phone # & number of pages) past due invoices
FW: Case FH74D23GST58NQS     
Symantec Endpoint Protection: Important System Update - requires immediate action

There could be many more.

If you receive an email with any subject and with any kind of attachment, unless you know absolutely (no guessing) that it is safe, delete it immediately and then delete it from your deleted folder.
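A mail administrator can apply the same rule automatically before messages reach users. The Python sketch below is an added example, not part of the original post: it compares a message's subject against a few subjects from the list above (with forwarding prefixes stripped and the changing numbers masked) and reports any .zip attachment. The quarantine/review/deliver policy and the sample message are assumptions made for illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subjects copied from the list above; the digit runs differ per message.
KNOWN_SUBJECTS = [
    "USPS - Your package is available for pickup ( Parcel 173145820507 )",
    "USPS - Missed package delivery",
    "ADP Reference #09903824430",
]

def normalise(subject):
    """Drop FW:/Fwd:/RE: prefixes, mask digit runs, collapse whitespace."""
    s = re.sub(r"^\s*((fwd?|re):\s*)+", "", subject, flags=re.I)
    s = re.sub(r"\d+", "#", s)
    return re.sub(r"\s+", " ", s).strip().lower()

KNOWN = {normalise(s) for s in KNOWN_SUBJECTS}

def zip_attachments(msg):
    """Yield (filename, member names) for every attachment that is a zip."""
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(".zip") or data.startswith(b"PK\x03\x04"):
            try:
                members = zipfile.ZipFile(io.BytesIO(data)).namelist()
            except zipfile.BadZipFile:
                members = []  # corrupt or mislabelled archive: still reported
            yield name, members

def triage(raw):
    """Assumed policy: any zip is quarantined, a subject hit alone is reviewed."""
    msg = message_from_bytes(raw, policy=policy.default)
    hit = normalise(str(msg["Subject"] or "")) in KNOWN
    zips = list(zip_attachments(msg))
    verdict = "quarantine" if zips else ("review" if hit else "deliver")
    return {"subject_match": hit, "zips": zips, "verdict": verdict}

def build_sample(subject, with_zip):
    """Constructed message for testing; not a real sample."""
    m, buf = EmailMessage(), io.BytesIO()
    m["Subject"] = subject
    m.set_content("See attached.")
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("placeholder.txt", "constructed")
    if with_zip:
        m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="scan.zip")
    return m.as_bytes()
```

Because the subject list changes constantly, the attachment check is the part that matters; the subject match only helps prioritise what an analyst looks at first.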

More importantly, make sure you have the best backups available.  Magnitech provides DataVault, and the extremely efficient Business Disaster Recovery solution.

If you are a business looking for the best backup against this horrible infection, give us a call at 630-282-6540.

Tags: Disaster Recovery CryptoWall CryptoLocker BDR Backups Antivirus
