Beware of Ransomware

Malware (ransomware) attacks on small businesses are climbing at an alarming rate. The security firm McAfee warns that soon, attacks that come through social platforms will be “ubiquitous.”

You get an email that looks legitimate, say from FedEx, UPS, USPS or a lookalike of any of them, with a zip file attached. Inside the zip file, like a nightmare waiting for the unsuspecting, hides a double-extension file such as .pdf.exe. This is not a PDF document but an executable that, if clicked on, will allow CryptoLocker to run on your computer.


Now you might be asking: what damage does this thing do? Once installed on your computer, CryptoLocker encrypts files on your computer’s local and mounted network drives using RSA public-key cryptography, while the private key is stored on servers controlled by the malware’s operators. In other words, once a file is encrypted, you cannot access it. It is like putting all of your important stuff into a safe that is impossible to open without a key and then hiding the key so you can’t access the contents. To get the files decrypted and accessible again, CryptoLocker displays a “ransom” payment message with a strict deadline. If you pay with Bitcoin or a prepaid voucher within the deadline, your files get decrypted. If the payment is not made within the deadline, the price for decryption increases or your files stay encrypted forever. The encryption is so complex that experts say it is close to impossible to break, so if you do not have a proper backup, the files are non-recoverable. Paying the ransom is discouraged because it encourages the attackers to continue to do harm. There have also been reports that unlocked files become relocked after a period of time.

The best thing to do is prevent the infection in the first place by not opening any emails and attachments if you are not sure where they came from or if they look suspicious. FedEx or UPS is not going to ask you to download a zip file, so if something appears strange, it probably is. If you do accidentally click on something, make sure to pay attention to the file and do not open a double-extension file (such as recipt.pdf.exe). As always, having updated antivirus software is extremely important.
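
As an added example (not part of the original post), here is one way a mail administrator could check a zip attachment for the double-extension names described above before anyone opens it. The extension lists, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for illustration; tune them to your own environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def is_double_extension(name: str) -> bool:
    """True when a name ends in <document ext><executable ext>, e.g. .pdf.exe."""
    # Keep only the file name, whichever path separator the archive used.
    base = PurePosixPath(name.replace("\\", "/")).name
    # Windows ignores trailing dots and spaces in file names, so drop them.
    suffixes = PurePosixPath(base.rstrip(". ").lower()).suffixes
    return (
        len(suffixes) >= 2
        and suffixes[-1] in EXECUTABLE_EXTS
        and suffixes[-2] in DECOY_EXTS
    )


def scan_zip(data: bytes) -> list[str]:
    """Return the member names in a zip attachment that use a double extension."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.is_dir() and is_double_extension(info.filename):
                flagged.append(info.filename)
    return flagged


def build_sample_zip() -> bytes:
    """Constructed sample attachment; members hold harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("recipt.pdf.exe", b"placeholder")         # flagged
        zf.writestr("docs/Tracking.PDF.EXE", b"placeholder")  # flagged, any case
        zf.writestr("label.pdf", b"placeholder")              # ordinary document
        zf.writestr("setup.exe", b"placeholder")              # single extension
    return buf.getvalue()


if __name__ == "__main__":
    for member in scan_zip(build_sample_zip()):
        print("double-extension executable in attachment:", member)
```

The check reads only the archive's file listing, so nothing inside the attachment is extracted or run.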
