CryptoWall has been out for over a month, and it’s been a devastating virus that will encrypt (destroy) all of your Word documents, Excel spreadsheets PDFs, etc. The virus will first go through your personal computer destroying the above files and then it will go through your network destroying files there. There is no ready process to un-encrypt files once they have been encrypted. The only alternative is to find the infected computer, clean it and then restore the destroyed files from a backup.
CryptoWare is from the same cybercriminals who created CryptoLocker. The cyber thieves are classifying it as “RansomWare” demanding money to un-encrypt your files. Paying the ransom will likely add insult to injury, leaving you out your paid ransom and with a computer/server full of worthless files.
Because of the changing nature of this virus, most anti-virus programs will not stop it so you can’t rely on them to protect you. Your first line of defense is you.
Generally, this virus will come to you in an email with a .zip attachment but I’m sure they’re staying up nights trying to figure out other methods of delivery, i.e., infected websites.
The current list of known CryptoLocker and CryptoWall email subjects include but are not limited to:
USPS – Your package is available for pickup ( Parcel 173145820507 )
USPS – Missed package delivery (“USPS Express Services” <firstname.lastname@example.org [mailto:email@example.com]>)
USPS – Missed package delivery
FW: Invoice <random number>
ADP payroll: Account Charge Alert
ACH Notification (“ADP Payroll” <*@adp.com [mailto:*@adp.com]>)
ADP Reference #09903824430
Payroll Received by Intuit
Important – attached form
FW: Last Month Remit
McAfee Always On Protection Reactivation
Scanned Image from a Xerox WorkCentre
Scan from a Xerox WorkCentre
scanned from Xerox
Annual Form – Authorization to Use Privately Owned Vehicle on State Business
New Voicemail Message
Voice Message from Unknown (675-685-3476)
Voice Message from Unknown Caller (344-846-4458)
Important – New Outlook Settings
FW: Payment Advice – Advice Ref:[gb293037313703] / ACH credits / Customer Ref:[pay run 14/11/13]
Payment Advice – Advice Ref:[gb2198767]
New contract agreement.
Important Notice – Incoming Money Transfer
Notice of underreported income
Notice of unreported income –
Last month’s reports
Payment Overdue – Please respond
FW: Check copy
Corporate eFax message from “random phone #” – 8 pages (random phone # & number of pages) past due invoices
FW: Case FH74D23GST58NQS
Symantec Endpoint Protection: Important System Update – requires immediate action
There could be many more.
If you receive an email with any subject and with any kind of attachment, unless you know absolutely (no guessing) that it is safe, delete it immediately and then delete it from your deleted folder.
If you are a business looking for the best backup against this horrible infection, give us a call at 630-282-6540.