SymQuest Blog

Your Data Could Be in Danger from Cryptolocker

October 11, 2013 - Important Information

Posted by Mark Jennings

Don’t fall victim to this Ransomware


SymQuest would like to inform you of a relatively new malware infection we are working on for a few of our SafetyNet clients. It’s referred to as Ransomware, and this particular infection is called Cryptolocker.

What is Ransomware?
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. In most cases, the operating system is uninfected and remains functional. However, Ransomware blocks, or encrypts, your personal files so you can’t gain access to them until you pay the “ransom,” usually about $300. Worse than that, if a workstation has a mapped drive to a server, that server share can also become infected, as is the case with our affected clients. We are actively assisting these clients to clean the infections and restore their data from backup where possible.

How is it spread?
Cryptolocker, like many malware infections, is spread via infected web links (clicking on that ad in Facebook that you just aren’t sure about), phishing and other email scams. It encrypts any mapped drives attached to the system that holds the original infection. Cleaning the original infection is simple, but decrypting the files is not possible without paying the “ransom” to get the private key. In this particular strain, paying the fee does actually allow you to decrypt the files. The only other solution would be to restore from a full backup. Files targeted are those commonly found on most PCs today; the targeted file extensions include: 3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx.

How is it prevented?

  • Make sure your antivirus software is up-to-date; real-time scanning is enabled; and full scans are regularly scheduled
  • Make sure your anti-malware software is up-to-date; real-time scanning is enabled; and full scans are regularly scheduled
  • Make sure you have enabled email filtering protection to help reduce phishing attempts
  • DO NOT click on any links on the web or via email that are even slightly questionable. When in doubt, delete it.


about the author

Mark Jennings

Mark Jennings is SymQuest’s Area Vice President of IT Sales. Jennings works with SymQuest’s sales and service teams to educate customers on current best practices around data protection, disaster recovery, security, and overall technology planning.