Crypto Virus

MALWARE LOOKING LIKE REAL EMAILS

MALWARE TARGETING AUSTRALIA

What is Crypto Virus?

Cryptoviruses are a type of destructive malware that can affect the files on your hard drive and mapped network drives by encrypting your files. Following encryption, the user is presented with a warning and asked to pay a ransom to receive the key to decrypt their files again.

They usually get sent around in email attachments, and looks harmless and legitimate. They can be sent to you as an invoice or general document attachment anyone could open by mistake, not checking the sender's address.


What To Do When Your Business Is Hit By A Cryptovirus

When the owner of a Brisbane business saw a traffic infringement notice email come through on the computer she uses to run her small business, she didn't even think twice about clicking it. The computer instantly froze up and then a message appeared on the screen informing her the device has been hijacked and that she needed to pay a $900 ransom to gain access to all her files again. They have been hit by a cryptovirus.

Cryptoviruses are targeting Australian small businesses in force right now. According to Symantec security expert Mark Shaw, crypto malware attacks on Australian businesses have increased significantly over the past two years, making Australia the favourite target for cryptoviruses in the Asia-Pacific region.

There is no miracle way to absolutely prevent an attack from cryptoviruses, but educating users about the potential threats is a start. If you see an email, even if it’s from a perceived reputable source, ask yourself a few questions: Is this from someone I know? Was I expecting this email? Does the email address itself look suspicious?

Having email security software would also help with the prevention process, but just make sure your software is up-to-date.

The most important step small businesses should take is to back up everything on their computers. It's surprising just how many businesses don’t have a habit of backing up their data.

So what happens when it’s too late? What happens when you’ve already been crippled by a crypto malware?

Here’s what we recommend:

  1. Unplug the affected PC from the network immediately.
  2. Remove the malware using reputable security software.
  3. Recover the encrypted files by restoring from backup or the built in Windows System Restore capability. It is highly unlikely you’ll be able to decrypt the impacted files as the attackers typically leverage industry-standard, strong encryption algorithms.
  4. Don't pay the ransom. There is no guarantee that the attackers won’t up the ante or deliver the key needed to decrypt your files. Paying will serve to fund the criminals behind the attack, allowing them to target more victims.

If you run multiple PCs in your business, be aware that they may also be infected if even one is compromised by a cryptovirus.

If you need an IT team backing your business in this dangerous connected world, speak to the IT team at Keycomm.



Mobile Phones Managed I.T. Cloud Services Websites Networks