Ransomware is spreading, demands money from users in return for their files.
Our team wants to make you aware that there is recent increase in ransomware. Ransomware is a new form of malicious software that encrypts all of your files and then demands a ransom payment to release the files. Here are some proactive measures to protect yourself, and information about what to do if your system becomes infected.
Type of Ransomware?
One of the most common types of ransomware that Internet users face today is called Cerber, officially classified as RANSOM_CERBER.A. What makes Cerber unique is that it actually has a voice feature that reads the on-screen ransom note out loud, as opposed to other strains that make the user read it as plain text. Cerber is also unique because it doesn’t encrypt an entire hard drive, just files it believes will be particularly valuable to the victim. These include files with extensions like DOC, DOCX, PDF, MP3, MOV, MP4, JPG, JPEG and more.
CryptXXX, officially classified as RANSOM_WALTRIX.C, is another common type of ransomware that is regularly updated to make it more difficult for experts to combat. Not only does CryptXXX encrypt a user’s hard drive, but it is unique in that it actually has the ability to lock a user out of their hard drive altogether. When the user boots their affected computer, they are greeted by a screen that prevents their operating system’s desktop from loading at all.
Jigsaw, officially known as RANSOM_JIGSAW.I, is certainly one of the more colorful types of ransomware in existence. In addition to display a message indicating that all photos, videos, documents and other files on a hard drive have been encrypted, Jigsaw displays a graphic of the main villain from the “Saw” series of movies – also appropriately called Jigsaw. Jigsaw also has a built-in timer that counts down the seconds until the ransom is increased, instilling a sense of urgency in the owners of infected computers.
Mircop, also officially classified as RANSOM_MIRCOP.A, uses a particularly unique tactic to scare its victims into paying as much money as possible for the ransom. When the ransom note is displayed on an infected computer, it also displays an image of a hooded figure in a Guy Fawkes mask – similar to the imagery used by the hacker group Anonymous. Even though there is no confirmation that Mircop is affiliated with that group, the implication is there and people tend to react accordingly.
How is ransomware spread?
You'll receive an email with an attachment:
• The email contains a zip attachment that looks like a PDF. Since Microsoft does not show extensions by default, it may look like a normal PDF.
• The emails pretend to from customer support at well-known companies such as Fedex or UPS, etc.
• It may also look like an email from Xerox, Xerox copier, fax, or voicemail.
• It may look like an email from someone you know, even from your own company. It may look like postmaster@yourcompanyname with a strange attachment.
• The attachment may be named something like: FORM_101513.exe or FORM_101513.pdf.exe.
What does the malicious software do?
If you open the attachment, your files become infected. The files are then encrypted and you must pay a ransom within 72 hours to have them unencrypted. Wait longer, and the ransom amount increases. Eventually, if you do not pay the ransom, your files will be deleted.
How can I protect myself?
• Be careful when receiving unexpected attachments, even from people and companies that you know.
• Ask the sender if they've sent you an attachment recently, if they haven't, delete the email without opening the attachment.
• Make sure all of your files are appropriately backed up. If you have any concerns, please don't hesitate to reach out to us. We are here to help.
• Do not open attachments from unknown senders or click on embedded links to unfamiliar websites. If you receive a suspicious email, please forward it to firstname.lastname@example.org before opening so we can verify it's clean.
• While there is no known “fix” for ransomware, it’s good to get in the habit of running virus and malware scans on a regular basis. For clients with maintenance contract, your systems are scanned on a regularly scheduled basis.
How do I remove the virus?
At this point, there is no known “fix” for this malicious software. For business computers, contact us immediately to let them know you have been infected so we can assess the situation and create a game plan. For example, if all of your files have been backed up, the ransomware can be deleted from your system.
For home computers without backups, you will need to decide if you want to pay the ransom to retrieve your files.
Who should I contact if I have questions or concerns?
Please contact our Client Care Center with any questions or concerns.