CryptoWall: a new security threat
Is your business secure from the latest
malware and security threats? The truth of the matter is that there is
always a chance that your business and systems can be attacked and breached
by a variety of security threats. One of the more common threats of last
year was a nasty piece of ransomware called Cryptolocker. While the first
version has largely been dealt with, there is news that a new version,
called CryptoWall, has surfaced.
What is Crypto malware?
Crypto malware is a type of Trojan horse
that when installed onto computers or devices, holds the data and system
hostage. This is done by locking valuable or important files with a strong
encryption. You then see a pop-up open informing you that you have a set
amount of time to pay for a key which will unlock the encryption. If you
don’t pay before the deadline, your files are deleted.
When this malware surfaced last year, many
users were understandably more than a little worried and took strong
precautions to ensure they did not get infected. Despite these efforts, it
really didn’t go away until earlier this year, when security experts
introduced a number of online portals that can un-encrypt files affected by
Cryptolocker, essentially neutralizing the threat, until now that is. A
recently updated version is threatening users once again.
Possibly because of efforts by security
firms to neutralize the Cryptolocker threat, the various developers of the
malware have come back with an improved version, CryptoWall, and it is a
threat that all businesses should be aware of.
With CryptoWall, the transmission and
infection methods remain the same as with the first version: it is
most commonly found in zipped folders and PDF files sent over email. Most emails
with the malware are disguised as invoices, bills, complaints, and other
business messages that we are likely to open.
The developers did, however, make some
“improvements” to the malware that make it more difficult to deal with for
most users. These changes include:
IDs are used for payment: These are addresses used to verify that the
payment is unique and from one person only. If the address is used by
another user, payment will now be rejected. This is different from the
first version where one person who paid could share the unlock code with
other infected users.
Can securely delete files: In the older version of this threat, files were
deleted if the ransom wasn’t paid, but they could be recovered easily. In
the new version the encryption has increased security which ensures the
file is deleted. This leaves you with either the option of paying the
ransom or retrieving the file from a backup.
Servers can’t be blocked: With CryptoLocker, when authorities and security
experts found the addresses of the servers that accepted payments they were
able to add these to blacklists, thus ensuring no traffic would come from,
or go to, these servers again. Essentially, this made it impossible for the
malware to actually work. Now, it has been found that the developers are
using their own servers and gateways which essentially make them much, much
more difficult to find and ban.
How do I prevent my systems and devices from being infected?
Unlike other viruses and malware,
CryptoWall doesn’t go after passwords or account names, so the usual
changing of your passwords won’t really help. The best ways to prevent this
from getting onto your systems are:
Don’t open any suspicious attachments - Look at each and every email attachment
that comes into your inbox. If you spot anything that looks odd, such as
a spelling mistake in the name, or a long string of characters
together, then it is best to avoid opening it.
Don’t open emails from unknown sources - Be extra careful about emails from
unknown sources, especially ones that say they provide business-oriented
information, e.g. bank statements from banks you don’t have an account with
or bills from a utilities company you don’t use. Chances are high that they
contain some form of malware.
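The two checks above can also be applied automatically before mail reaches an inbox. The following Python sketch is an added example, not part of the original newsletter: it flags zip and PDF attachments that come from a sender outside an allow-list, use a business lure word, or carry a long character run in the file name. The allow-list, the word list, the length thresholds and the sample messages are all assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXT = (".zip", ".pdf")                  # carriers named in the article
LURE_WORDS = ("invoice", "bill", "complaint", "statement")   # assumed list
LONG_RUN = re.compile(r"\d{10,}|[0-9a-f]{16,}", re.I)   # assumed thresholds

def triage(msg, known_senders):
    """Map each zip/PDF attachment to the reasons it should be held."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    subject = str(msg.get("Subject", "")).lower()
    held = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(RISKY_EXT):
            continue                          # only the types the article names
        reasons = []
        if sender not in known_senders:
            reasons.append("unknown sender")
        # Plain substring match: "bill" also matches "billing".
        if any(w in name.lower() or w in subject for w in LURE_WORDS):
            reasons.append("business lure")
        if LONG_RUN.search(name):
            reasons.append("long character run")
        if reasons:
            held[name] = reasons
    return held

def sample(sender, subject, filename, subtype):
    """Build a constructed test message; the attachment bytes are inert."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content("Please see the attached document.")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype=subtype, filename=filename)
    return msg

KNOWN = {"accounts@supplier.example"}         # hypothetical allow-list

if __name__ == "__main__":
    lure = sample("Billing <billing@utility.example>", "Overdue invoice",
                  "Invoice_20140718830291.zip", "zip")
    routine = sample("accounts@supplier.example", "Meeting notes",
                     "minutes.pdf", "pdf")
    print(triage(lure, KNOWN))      # held, with three reasons
    print(triage(routine, KNOWN))   # nothing held
```

A held attachment is a prompt for a person to look before opening, not a verdict; legitimate invoices from known suppliers will also be flagged by the lure-word check.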
Should your files be attacked and
encrypted by this malware, then the first thing you should do is to contact
us. We can work with you to help
find a solution that will not end up in you having to pay the ransom to
recover your files.
If you are looking to learn more about
CryptoWall malware and how to boost your security and protect your data and
systems, give us a call - we can be your first line of tech defense.
disaster recovery lessons
Regardless of what your business is, or where you are
located, you may at some point face a disaster that affects your business
operations. In order to make it through troubled waters without serious
harm to your business you need to have a Disaster Recovery Plan in place.
To help ensure that your strategy is ready, here are five tips that other
businesses have learnt from facing disasters that you can work into your
1. Have a full copy of your data backed up
outside of your operating region
Almost every company, regardless of size, has backup
measures in place. These backups can be either physical or digital, and are
supposed to be carried out on a regular basis. If a disaster strikes,
having access to your data can help ensure that you can recover your
systems and resume operations in the minimal amount of time.
Investing in 3 main IT areas
IT is in a near constant state of
evolution, largely because of the sheer number of technology-based systems
and products released on a weekly basis. This fast-paced development has
led to the creation of three major IT areas. It is essential that companies
invest in these three areas if they want their business to succeed.
Mohammad Mannan, an assistant professor at the Concordia Institute for
Information Systems Engineering in Montreal, came forth with the position
that modern malware has rendered antivirus products essentially useless.
Mannan went on to say that because antivirus products struggle to detect
malware, he believes anyone relying on antivirus as the first line of
defense is likely vulnerable to attack.
Malware has become increasingly sophisticated, but has it
really rendered antivirus useless?
Data. Your Network. Our Responsibility
If you need help with your computers or computer network, I'm hopeful that you
will consider calling: INFO-TEK @ 816.914.8826.