Recently one of my client's offices became infected with a virus. The virus is known as CryptoWall and is one of the seediest viruses that I have had experience with. We did everything right at the client in order to keep such occurrences from happening, but it still unfortunately snuck through our defenses.
I call it seedy because once it loads itself onto a workstation, it proceeds to apply encryption to the programs and files on your computer and on attached drives mapped as drive letters. It apparently does this by reading lists of recent files used by the infected machine. In the case that I saw, it affected thousands of files. The virus then posts a ransom message that tells you what the virus has done and directs you to load an anonymous browser to connect you to a site where you can pay a fee for unlocking your files. Of course, there is no guarantee that you'd ever get anything other than a debit on your credit card to show for the $1,000 you'd have to pay.
I make it a policy never to reward bad behavior, so the remediation involved restoring files to their original status. It was an involved task, and so, I offer this list to help keep such problems from happening to you and your firm.
Here is my list of tips.
1. If you receive an email whose source you are not certain about, do not open it. If a suspicious email is already open, do not click on any links in it.
2. If the email looks like it is from a trusted source, it is still better to be safe than sorry. Try contacting the sender if possible. Many attacks use spoofing (sending from the computer or email account of someone who is unaware it is being used) to deliver messages that make it enticing to click through. Here are some examples of emails that should set off red flags for you to consider:
– An email from a friend with no content other than a link
– Misspelled common words in the subject line or the body of the message. Many spam messages are created overseas by those who don't have a good command of English.
– An email from someone you rarely communicate with. In many cases, users get a virus that will send itself to everyone on their contact list.
– Check out any email with an attachment. The most suspicious are attachments whose filename ends in an .exe, .doc, .xls, or .htm extension. Do not open an attachment with these endings unless you ask someone who knows or go ask the sender.
– Unsolicited emails, especially with links or attachments.
3. Though not specifically apropos to email-borne viruses, don't go out into the "weeds" when surfing the internet. In other words, don't go to areas where nefarious activities are likely to happen. This includes gaming sites, music or file sharing sites, freeware sites and the like. Many times malware and viruses can be transmitted from compromised sites by clicking on an innocuous-looking link. These are called drive-bys (see my blog for more information on these).
4. Keep your virus scanner up to date. Buying a subscription-based scanner is usually better than using free scanners.
5. If you have a problem or suspect there may be a problem, the sooner you report it to get it resolved, the better. If your computer starts running slowly and freezing up, it is a sign that something is wrong, so don't wait and hope it will get better.
6. Make sure you have a good backup of your data. You may also want to create a system restore point in Windows once a week, which will usually help restore your computer if it is compromised.
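As an added example that is not part of the original post, the following PowerShell script (run from an elevated prompt) turns on System Restore for the system drive and registers a scheduled task that creates a restore point every week, as tip 6 suggests. The task name, the Sunday 03:00 schedule and the descriptions are assumed values.

```powershell
# Added example: enable System Restore and schedule a weekly restore point.
# Run from an elevated (Administrator) PowerShell prompt on Windows 8 or later.

# 1. Make sure System Restore is on for the system drive; Checkpoint-Computer
#    cannot create a restore point on a drive where protection is disabled.
Enable-ComputerRestore -Drive "$env:SystemDrive\"

# 2. Create a restore point right now so there is a known-good baseline.
Checkpoint-Computer -Description "Baseline before weekly schedule" `
    -RestorePointType "MODIFY_SETTINGS"

# 3. Register a scheduled task (name and time are assumed values) that
#    creates a fresh restore point every Sunday at 03:00 as SYSTEM.
#    Windows 8 and later allow only one checkpoint per 24 hours by default,
#    so a weekly schedule is well within that limit.
$taskName = "Weekly-RestorePoint"   # assumed task name
$command  = 'Checkpoint-Computer -Description "Weekly scheduled restore point" ' +
            '-RestorePointType "MODIFY_SETTINGS"'

$action    = New-ScheduledTaskAction -Execute "powershell.exe" `
                 -Argument "-NoProfile -Command `"$command`""
$trigger   = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At 3am
$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" `
                 -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Description "Creates a weekly System Restore point" -Force

# 4. Verify: list the restore points that exist now.
Get-ComputerRestorePoint | Select-Object SequenceNumber, CreationTime, Description
```

System Restore covers system files, settings and installed programs, not the documents that a ransomware infection encrypts, so the restore point complements rather than replaces the data backup in tip 6. Keep that backup on media that is not a permanently mapped drive letter, since the post notes that CryptoWall encrypts mapped drives too.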
Remember that these guys are really good at making you click by creating messages that stimulate your interest or make you think it is imperative to click.
Bottom line: DON’T CLICK UNLESS YOU ARE SURE!