We just helped out a customer who got hit by ransomware, in this case CryptoBlocker. For those of you who don’t know what ransomware is, it’s a type of malicious software that gets installed on your computer and allows criminals to lock access remotely. It then pops up a big window presenting you with a message informing you that it can be removed by paying from $100 – $300 via credit card.
It’s called ransomware because it’s not trying to trick you. The crafters of these nasty little apps typically come right out and tell you that you’re being ‘shaken down’ in order to get your files or normal operation back. Pay the money or else…
CryptoBlocker is particularly evil as it encrypts all the user files on your disk (Word, Excel, PDFs, etc.). More alarming still, it also encrypts all the files found on any mapped drives in your organization. Because the files are encrypted with a public/private key pair using strong encryption, you can forget about somehow decoding them (unless you’re the NSA). And this isn’t something that can be removed by your antispyware or antimalware software. Your only choices are to either pay the ransom or just delete all that data.
How can you get infected? Usually by clicking on an attachment with a ‘zip’ extension in an email message. By doing this you self-infect your computer, and no antivirus software in the world will stop it.
Email messages try to trick you into opening the attachment by pretending they are from UPS, FedEx, a bank, an eFax, or a voicemail message.
This is another reason why it’s so important to educate yourself and your users not to open attachments to messages unless they are 100% sure they know who they are from.
And organizations should take some preventive actions, too. Email systems should be configured to block .zip attachments (and several other known malicious formats), and user workstations should either be configured to prevent users from installing software or have System Restore points regularly created so that a computer can be ‘rolled back’ to a pre-infected state.
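As an added illustration of the attachment-blocking rule above (example code written for this post, not a product or the customer’s mail system), here is a small Python check that rejects a message when an attachment, or a file inside a zip attachment, carries a blocked extension. The blocklist and the sample lure message are assumptions constructed for the demo.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions the mail gateway refuses, both as direct attachments and when
# found inside a zip archive (assumed policy for this example, not from the post).
BLOCKED_EXTENSIONS = {".zip", ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def _ext(name: str) -> str:
    """Lower-cased final extension of a filename, or '' if it has none."""
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""

def blocked_names(raw_message: bytes) -> list:
    """Return attachment (or archived-file) names that violate the policy.
    An empty list means the message may be delivered."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if _ext(name) in BLOCKED_EXTENSIONS:
            hits.append(name)
        payload = part.get_payload(decode=True) or b""
        # Look inside archives too: a zip wrapping an executable is the delivery
        # vehicle described in the post, and it may arrive under any extension.
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for inner in zf.namelist():
                    if _ext(inner) in BLOCKED_EXTENSIONS:
                        hits.append(f"{name}/{inner}")
    return hits

def build_sample_message(attachment_name: str, attachment_bytes: bytes) -> bytes:
    """Constructed sample lure, styled like the fake delivery notices the post mentions."""
    msg = EmailMessage()
    msg["From"] = "noreply@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Your package could not be delivered"
    msg.set_content("Please see the attached delivery notice.")
    msg.add_attachment(attachment_bytes, maintype="application", subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()

def sample_zip_with_exe() -> bytes:
    """Constructed zip holding a harmless placeholder file with an executable extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Delivery_Notice.pdf.exe", b"not a real program")
    return buf.getvalue()
```

A gateway would run `blocked_names` on each inbound message and quarantine anything that returns a non-empty list; a plain PDF passes, while a zip wrapping an executable is caught even when renamed.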
Everyone be careful out there!