Gratefully shared from the BBB
In January, a new version of the CryptoWall ransomware - a type of malicious software designed to block access to a computer system until a sum of money is paid - began circulating after being dormant for several months. When installed, CryptoWall 3.0 encrypts all of your data and then leaves a ransom note.
Once infected, you have three unpleasant options: recover from a recent backup, rebuild your systems and live without the lost data, or pay the $500 ransom to get the decryption tools and key. BBB has received at least one report from a local business that has been affected. Fortunately, this business was extraordinarily well prepared and was back in full operation in just 26 minutes with no loss of data. We would like you to ensure your business is protected as well.
Given the resurgence of this malicious ransomware, here are some tips to ensure your online safety:
- Have your IT shop review your patching and backup procedures. Your best first defense against this attack is up-to-date software. Version 3.0 relies primarily on weaknesses in other software on your system. These weaknesses are being fixed daily by the manufacturers, and the fixes need to be installed on all systems. Of particular concern are browsers and browser plugins, such as Adobe (Acrobat Reader, Flash Player, Shockwave Player), Java, Windows Media Player, etc.
- The only real recovery option is a recent backup. Version 3.0 will encrypt files on any Windows drive mapped as a letter, that is, C:, D:, etc. This includes network shares inside your organization and cloud drives like Dropbox if you have them mapped as a letter drive.
- Since this version of CryptoWall will attack any letter-mapped drive, it is important to review where your backups reside. If the malware has access to both your data and your backup, then there is no recovery path. Please review the access that every computer in your environment has to your backup files. While it has long been a best practice to limit access to backup archives, now it is essential. You may want to consider keeping a copy of your backups off the network, if you do not do so already.
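One way to carry out the backup-location review on a single Windows workstation, as an added example that is not part of the BBB advisory: the script lists every lettered drive, reports any backup location reachable through one, and tests whether the logged-in user can write there. The paths in `$BackupTargets` and the helper names are hypothetical placeholders; substitute your own backup locations.

```powershell
# Added example, not from the BBB advisory. Paths below are hypothetical placeholders.
param([string[]]$BackupTargets = @('\\backupsrv\archives', 'E:\Backups'))

function Get-Normalized([string]$Path) { $Path.TrimEnd('\') + '\' }

function Test-Writable([string]$Path) {
    # Create and delete a probe file; success means the current user can modify this folder.
    $probe = Join-Path $Path ('probe_' + [guid]::NewGuid().ToString('N') + '.tmp')
    try {
        New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
        Remove-Item -Path $probe -ErrorAction SilentlyContinue
        return $true
    } catch { return $false }
}

$cmp = [StringComparison]::OrdinalIgnoreCase
# DriveType 3 = local fixed disk, 4 = network share mapped to a letter.
$disks = Get-CimInstance Win32_LogicalDisk | Where-Object { $_.DriveType -in 3, 4 }

$report = foreach ($target in $BackupTargets) {
    $t = Get-Normalized $target
    foreach ($disk in $disks) {
        $root = Get-Normalized $disk.DeviceID              # e.g. "Z:\"
        $path = $null
        if ($t.StartsWith($root, $cmp)) {
            $path = $t                                      # backup addressed by letter
        } elseif ($disk.ProviderName) {
            $unc = Get-Normalized $disk.ProviderName        # share behind the letter
            if ($t.StartsWith($unc, $cmp)) {
                $path = $root + $t.Substring($unc.Length)   # backup sits inside the mapped share
            } elseif ($unc.StartsWith($t, $cmp)) {
                $path = $root                               # mapped share sits inside the backup tree
            }
        }
        if ($path) {
            [pscustomobject]@{
                BackupTarget = $target
                Drive        = $disk.DeviceID
                ReachableAs  = $path
                Writable     = Test-Writable $path
            }
        }
    }
}

if ($report) {
    $report | Format-Table -AutoSize
} else {
    'No backup target is reachable through a drive letter on this machine.'
}
```

Any row with `Writable` set to `True` is a backup that software running under that user's account could alter, so those are the mappings or permissions to remove first.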
This is not so much a warning about ransomware as a reminder about online security and safety. Please take this opportunity to review your patching and backup procedures and evaluate the risk to your data if this particular malware got onto one of your systems. This happened to a local business and they were prepared. We want you to be ready as well.