Ransomware Alert – What you should know

EXECUTIVE SUMMARY:

As-yet-unknown cyber criminals have taken an NSA zero-day threat and weaponized a ransomware strain so that it replicates across networks without user intervention. There is a 2-month-old Microsoft patch that urgently needs to be applied if you have not done that already. For older obsolete systems, such as Windows XP, the patch was just released this weekend.

I have written about ransomware in the past. For more information, see this link: Ransomware 101

Please contact us if you’d like more information or have any concerns.

WHAT YOU CAN DO ABOUT IT:
I have said this before: be very careful when you get an email with an attachment you did not ask for. If there is a .zip file in the attachment, do not click on it but delete the whole email. Remember: “When in doubt, throw it out!” If it was truly important, the sender will contact you by other means and can always resend the email.

Claritech has checked our list of supported devices and is actively patching the handful that were not up to date as they come online. If you are not under a current Claritech support plan, we urge you to either patch your systems yourself or contact us as soon as possible.

Whether or not you are a current Claritech customer, please contact us if you have any concerns or would like more information and a free vulnerability assessment.

BACKGROUND:
You may have seen the news this weekend. Criminal hackers have released a new strain of ransomware that spreads itself automatically across all workstations in a network, causing a global epidemic. If you or a co-worker are not paying attention and accidentally open one of these phishing email attachments, you might infect not only your own workstation; the infection could also spread automatically to those around you.

Hundreds of Thousands of Machines Infected Worldwide
Victims include FedEx Corp, Renault, Nissan, Russian banks, gas stations in China, and Spanish telecommunications firm Telefonica, which reported 85% of its systems being down as a result of a cyberattack earlier today. Ironically, the Russian Interior Ministry had 1,000 machines encrypted. Even the German Railways were infected.

Dozens of hospitals in the UK were shut down. Cybersecurity experts have long used the phrase “where bits and bytes meet flesh and blood,” which signifies a cyberattack in which someone is physically harmed. This monster has infected hundreds of thousands of systems in more than 150 countries. Monday morning when people get back to work, these numbers will only go up.

Ransomware 101

Ransomware is a major Internet security challenge. This article explains how hackers use it to extort money from their victims and how we can protect ourselves.

What is ransomware?

In a nutshell, ransomware is malicious software that is installed on your PC through the typical virus installation methods:

  • Through hacked or malicious web-sites via browser flaws or social engineering;
  • Through emails with malicious attachments or links to malicious sites;
  • Through compromised downloads, such as “free” software or videos/images hosted on suspicious web sites;
  • Via the local network from other infected computers through operating system flaws;
  • From compromised USB keys or CDs.

The difference between ransomware and other viruses is that, once established, your files become encrypted and inaccessible and held for ransom by an anonymous hacker. This applies to network as well as local files. Essentially any files that your local PC has access to can be compromised.

What can I do if I become a victim?

There are really only four choices available once you become infected with ransomware, in order of preference:

  1. Recover from backup – this is the preferred recovery method;
  2. Attempt to decrypt your files using tools and services available online;
  3. Start over and live without the encrypted files;
  4. Pay the ransom.

If you think of ransomware as a nasty virus or a hard drive crash that destroys all of your files, you’re on the right track. The positive thing (if you look at it positively) about ransomware is that the anonymous hacker offers the fourth option to recover your files: pay the ransom. Normally when your files are destroyed, this isn’t an option.

How can I protect myself?

As scary as ransomware can appear, protection is not that difficult. Here are some ideas to get you started:

  1. Backups – backups have always been the best way to protect electronic data. If you’re not doing online and local backups of all your data, what are you waiting for? Talk to us.
  2. Updates – your applications, antivirus and operating system software should always be kept up to date. Many viruses succeed by exploiting flaws that have been discovered and patched long ago.
  3. Practice safe web-browsing – stay away from the sketchy sites and do not download “free” software.
  4. Training – we offer security awareness training and a free phishing test to determine your organization’s vulnerability to ransomware. The essence of the training is this:

Never trust unexpected attachments or links in email, even if you know the sender. This is worth repeating and in all caps: NEVER TRUST UNEXPECTED ATTACHMENTS OR LINKS IN EMAIL, EVEN IF YOU KNOW THE SENDER.