If you haven’t heard of this phrase, it describes software that runs on a computer with the goal of encrypting your files and then popping up an alert that tries to extort you (the user) into paying to “unlock” them. This type of malware has been called a number of different names, CryptoLocker being the most common, but this morning we had a client that picked up a new variant and we thought it would be timely to send a quick blurb to our valued audience.
Delivery is most commonly via an email attachment. When opened, its payload either redirects to a malicious web site that then downloads the installer, or the Trojan runs on the system directly from the attachment, resides in memory, saves itself to a folder, adds registry values and then spawns other processes of itself to stay alive. Even if you don’t have local administrative rights (a technique used to keep the infection from spreading to the entire operating system), it can still encrypt your local workstation files, and this little gem from this morning went further and encrypted files on mapped drives on the client’s servers.
http://virusguides.com/teslacrypt-4-0-bug-fixes-decryption-impossible/
Luckily, our client was using our CSI Onsite BDR (Backup and Disaster Recovery) solution, and we’re in the process of cleaning the computers and restoring those files from earlier today.
What can you do? Depth of Defense is the term we’d like to leave you with.
Backup: Make sure your files are being backed up in real time if possible. CSI Onsite can assist you in finding a solution that makes sense for your business and budget.
Email protection: Have a good edge defense for your emails. Even if you have a good system in place for your “business” emails, users can check personal emails on their work computers and devices, potentially bypassing the email filtering solution in place.
Firewall Security: Don’t skimp on your firewall. Think of it as a traffic officer at the edge of your network. Having additional software and security software on that firewall will help monitor the contents of that traffic in an attempt to make it safe and keep out the riffraff.
Web Site / Content Filtering: Besides having a good firewall and security approach, CSI Onsite also provides a service to help your firewall (the traffic officer from the previous example) know which sites may have malicious or questionable content. By checking a centralized database to determine whether the site your computer is visiting is legit or known to have not-so-good intentions, we can help add that extra layer to hopefully keep a protective position.
If you’d like to speak with our team about services used to keep your business running smoothly, please feel free to visit our web site or contact us to schedule a time to chat.
Hopefully we’ve impacted you in a positive way today!