Saturday, November 16, 2013

PSA: Fun Trends in Computer Viruses: Ransomware!



I care deeply about each and every one of my readers and to show my love and affection for you, I always want you to stay safe.

In that spirit, I share with you what our Chief Information Officer shared with us this week.

Over the past two weeks, 3 nefarious and increasingly virulent approaches to holding your computer data hostage, with requests for up to $300 to get it back have become.  Since this could impact not only your professional data but your personal data as well, please read through this note, including the 4 bullets under “details,” and (since not everyone reads every e-mail) please mention it to your team mates.  This is of high importance for everyone to know.

Bottom Line On Top: 
Whenever you use any computer (work or personal), only browse to safe sites and don't open attachments from people you don't know.

  • If you're at work and don't know if a site or attachment is safe, contact your IT Support department.
  • If you're working on your personal computer and don't know if a site is safe, make sure your antivirus software is updated and will tell you of potentially unsafe sites (McAfee does this). You can also scan attachments.
Details:
  • 3 "ransomware" scams have recently seen significantly increased activity:
    • An actual phone call from "Microsoft" letting you know that your computer is infected, with a "technician" willing to walk you through the process to "repair" it.
    • An "FBI virus" that tells you that you've been perusing smut, and letting you know that the Federal government needs you to take action.
    • And the worst of the lot: a "CryptoLocker virus" that poses as a US or FedEx delivery email notification encrypts the files on your PC (and any network you're on), giving you and the entire network 3 days before the data is lost forever.
  • Please do not browse to sites that do not receive a green check mark next to it from your anti-virus software. This example contains the different icons you might see next to a web search. The green checkmarks from McAfee indicate that the site is secure. The question mark indicates that the site is questionable. The red x indicates that the site should be avoided because it is dangerous.

  • Do not open any attachments or click on any links in an email that are not from sources you trust and/or which do not specifically relate to business you are conducting (either personally or professionally). 
  • If you're not sure if you can spot spam, take this short quiz my company put together last year. I promise the link in the last sentence is safe.
  • Finally, below is an email from a colleague of my CIO explaining some of these issues in more details.
Email received by my CIO from an IT colleague:

Subject: ✳Tech Talk: Give me $300 within 3 days or I'll encrypt all your files...

Tech Talk
Technology tips you can use, from people you can trust, in the 90 seconds you have.

Just when you thought the writers of viruses couldn't get any more evil, they do.

I'm talking here about computerized extortion.

The subject line of this Tech Talk describes a "ransomeware" virus called CryptoLocker that surfaced last month and has steadily spread. CryptoLocker will encrypt files on your computer and then pop-up a message that you have 3 days to send a ransom of $300 to the hacker. If the ransom is not sent, the files remain encrypted and the unencryption key is destroyed, rendering the files unrecoverable. CryptoLocker conveniently provides a countdown clock that shows how much time is left before the files are destroyed and provides detailed instructions of how the ransom is to be sent.

The virus is spread through something we've written about before called a "phishing attempt." You'll get an email from FedEx or UPS, or some other respected company that contains an attachment (a ZIP file). After opening the file, your computer is infected. Any USB drives, external drives and even the network drives the computer is attached to can be encrypted with the ransomware.

What Can I do?
Although this Tech Talk describes a particular virus, you can guard against it in the same way you can guard against other viruses - practice "safe" computing.
  • Be very cautious about opening email attachments. Large companies typically do not send out emails with attachments.
  • Make sure that you back-up all important files to an external drive (or if you're at work, save your work to your work network because your IT department regularly backs it up and can simply wipe your computer back to its original state with no important work lost.)
  • Run anti-virus programs at home and keep them up-to-date.
Want to read more about CryptoLocker? Here are some links:

No comments:

Post a Comment

Thank you for leaving a comment on Little Merry Sunshine. Due to the volume of spam comments, all comments must be approved to ensure they are not spam or spambots. Thank you for understanding.