Protect Your Data From Ransomware

Ransomware bursts into your PC, encrypts your files and holds them for ransom payment. According to SonicWall, ransomware attacks rose from 3.8 million in 2015 to 638 million in 2016, an increase of 167 times. You must defend yourself from these malicious thieves who only seek to separate you from your hard-earned money.

Some common-sense habits can help mitigate your exposure to malware and ransomware:

  • Keep your PC up to date via Windows Update
  • Ensure you have an active firewall and antimalware solution in place. A good third-party antimalware solution is recommended.
  • Ensure that Adobe Flash is turned off, or surf with a browser, like Google Chrome, that turns it off by default.
  • Turn off Microsoft Office macros, if they’re enabled.
  • Don’t open questionable links, on a webpage or especially in an email. The most common way you’ll encounter ransomware is by clicking on a bad link.
  • Stay out of the bad neighborhoods of the Internet because the risks increase if you’re surfing where you shouldn’t.

For dedicated antimalware protection, consider Malwarebytes 3.0, which is advertised as being capable of fighting ransomware.

Ransomware encrypts and locks up the files that are most important to you. There’s no reason to leave them vulnerable. Backing them up is no longer optional, so back up your data frequently. When you use an external hard drive to perform incremental backups, detach the drive when finished to isolate that copy of your data. This is VERY important because ransomware will also encrypt any attached drives.

I additionally recommend you take advantage of secure cloud storage provided by Carbonite.

Ransomware is an ominous reminder that people mean you harm. Treat your PC as part of your home by securing it from outside threats and you’ll rest easier knowing you’re protected.

New Malware Petya Locks Down PCs Until Ransom Is Paid

A new piece of malware is making the rounds using the cloud storage service Dropbox. This ransomware, named Petya, is reportedly able to lock you out of your computer and force you to pay a ransom to regain access to your files.

According to a report from Trend Micro, Petya is being distributed via email. The package is included in an email message from a professional looking for work, which contains a Dropbox link that will supposedly allow the recipient to download their resume.

The file is a self-extracting executable that installs a Trojan which blocks any security software and downloads the Petya ransomware. Once that is completed the real attack gets started.

Petya overwrites the master boot record of the infected computer, causing a blue screen of death. When you try to reboot, you will see a bright red screen with an ASCII skull and crossbones. There’s no way of escaping this because safe mode and system restore points have been disabled.

You are then informed that your computer has been locked with a “military-grade encryption algorithm” and that the only way to get your files back is to go to the dark Web and pay for a key with bitcoin. The going rate is $431, and that doubles if the victim doesn’t pay within a certain time period.

This is a very nasty piece of malware and proves criminals are always developing new methods of attack. To avoid being targeted you must be vigilant about links in emails from unknown senders.

Active Virus Called CryptoWall 3.0

There is a relatively active virus on the loose called CryptoWall 3.0. People experienced problems with this virus in recent days. The virus attacks .jpg, Office and other files and encrypts them so they’re unable to be opened. Unfortunately, the virus is also considered “ransomware” which means the author attempts to extort users into paying to get the encrypted files unlocked. Reports indicate that the initial ransom starts at $500.00 and the files may remain unavailable even after paying the fee.

My experience shows that multiple anti-virus programs have been unsuccessful at blocking this attack. We’ve also had mixed results when attempting to restore files from backups.

It appears that the virus is primarily being transmitted via normal methods: email attachments and embedded links within emailed documents. As always, be sure you know your sender before opening any attachments and, if uncertain about the message, contact the sender before opening the suspect email. If in doubt, delete the suspect email message. Several users have downloaded .zip, .pdf and .jpg files, plus other file extensions with .exe names. Unfortunately, this is quite common since organizations are reviewing job applicant credentials and are processing orders/tracking shipments: Both of these message types may include file attachments.

The virus has encrypted files on local hard drives, external drives (like backup systems) as well as flash drives and shared network locations. Again, there is no guarantee that we can restore files once they’ve been encrypted.

Once your computer has been infected we’ve seen several hints:
1) Your Internet Explorer and/or Chrome browser home pages will be redirected to the Ransomware site.
2) Files with the following names will begin to appear in folders, on the desktop, on the network:
– help_decrypt.txt
– help_decrypt.png
– help_decrypt.html

If you see any of these files or if your browser home page is hijacked to a different location than normal, immediately shut down the computer in order to reduce the risk of further file corruption, then contact me.
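The ransom-note file names listed above can be swept for on a backup drive or network share from a machine known to be clean. The Python script below is an added example, not part of the original post; the sample folder tree and its timestamps are constructed, and treating the oldest note's modification time as the approximate start of encryption is an assumption.

```python
import os
import tempfile

# Ransom-note names listed in the post; matched case-insensitively.
NOTE_NAMES = {"help_decrypt.txt", "help_decrypt.png", "help_decrypt.html"}

# Constructed sample tree: (relative path, modification time as epoch seconds).
SAMPLE = [
    ("Documents/HELP_DECRYPT.TXT", 1700000300),
    ("Documents/help_decrypt.png", 1700000300),
    ("Documents/budget.xlsx", 1690000000),
    ("Pictures/help_decrypt.html", 1700000100),
    ("Music/song.mp3", 1680000000),
]

def find_ransom_notes(root):
    """Return {directory: [(file_name, mtime), ...]} for every note under root."""
    hits = {}
    # os.walk skips directories it cannot list, so one denied folder does not abort the sweep.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in NOTE_NAMES:
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or is unreadable
            hits.setdefault(dirpath, []).append((name, mtime))
    return hits

def earliest_note_time(hits):
    """Oldest note timestamp; backups made after it may hold encrypted files."""
    times = [mtime for notes in hits.values() for _name, mtime in notes]
    return min(times) if times else None

def build_sample_tree(base):
    """Create the constructed SAMPLE files under base (empty files, set mtimes)."""
    for rel, mtime in SAMPLE:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.utime(path, (mtime, mtime))
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        hits = find_ransom_notes(build_sample_tree(tmp))
        print(sorted(hits), earliest_note_time(hits))
```

File timestamps can be altered, so use the earliest note time only as a guide when choosing which backup copy to restore from.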

Finally, it would not be a bad idea to have several flash drives in use as alternative backup options. Back up any critical files and keep rotating them every three days or so in case the last backup is already corrupted. Unfortunately, if the virus is already on your system then the backup files could be corrupted and useless.