Urgent Security Alert!
Urgent Security Alert – CryptoWall 3
What is it?
CryptoWall 3 (with a new MD5 hash) is the newest variant of the CryptoLocker/CryptoWall family. It was released earlier this year and has surged within the past few days. It works by encrypting the data on your computers and servers. Without paying a ransom (beginning at $500), you may not be able to recover your data. Even paying the ransom doesn’t guarantee the decryption of your important files.
How does it spread?
The newest spike in infections is caused by a spam campaign. In other words, we’re seeing an increase in spam (much of it is coming from Yahoo, but we’re seeing other email providers as well) with attachments that appear to be resumes, FedEx delivery notices, or similar documents.
How to protect against it?
Simply relying on antivirus software is not enough to stop CryptoWall. The best antivirus programs block 99% of viruses/malware, but with over 2,000,000 new viruses released each year, that still leaves you vulnerable to 20,000 viruses.
A layered approach is best. We recommend:
- An updated antivirus program for your computers and servers
- A managed firewall running an antivirus program
- A security solution that redirects Internet traffic to catch threats before they enter the network (similar to WAMS Internet Security)
- A solid, reliable, image-based backup solution, both onsite and offsite, so that if/when you are attacked, you are able to recover quickly with the most recent, uninfected backup.
The last and most important layer of your protection is education. Take a minute and forward this to your office to make sure everyone knows what to look for.
- Never open email from users you do not know. If you open an email and realize you don’t know the user or the email doesn’t look legitimate, DO NOT click on any attachments. Delete it!
- If you aren’t expecting an email (e.g. for a FedEx delivery), don’t open it and DO NOT click on any attachments.
- Don’t click on links in email (even if you know the user) unless you’re expecting them. Their computer may be infected and sending spam/malware. If you receive a link that appears to be legitimate, open a browser (e.g. Internet Explorer) and type the address (especially PayPal or bank links).
- Don’t download “free” software regardless of the vendor. We’ve seen a huge increase in malware from previously legitimate sources (like downloads.com).
- Use corporate/company email while at work. Our clients have managed firewalls and anti-spam software which scans company email. Some of the security features may not be available over free/personal email services such as Yahoo or AOL.
- Don’t bring any computers into the office network (including home laptops) unless they have updated antivirus software (approved by IT).
- Avoid clicking on banner ads that link to information or sites when using your web browser. Go directly to the site by typing in the address, or use a search engine such as Google or Yahoo and don’t click on links marked as “Ads” or “Sponsored Links.” Scroll down to the link that is directly associated with the search.
- If you think you’ve already clicked a link, you could be infected. You will not typically see any pop-ups or other suspicious activity until it’s too late. Call us immediately! New versions of CryptoWall start a countdown clock. Every second that passes could increase the damage to your data.
It is important to remember that these types of malware are constantly evolving and changing. The method they use to attack could vary in the future, which is why it is important to protect yourself by having the right technologies in place AND to keep everyone educated.
Please feel free to reach out to us if you have any questions or would like more information on any of the security solutions mentioned above.