Typetec

How to Avoid CryptoLocker/Ransomware

by Andrew O’Connor

If malware that holds the files on your computer to ransom isn’t bad enough, news that there’s a new variant in the wild that locks down the whole of your computer by taking over the boot process just made the situation a whole lot worse.

Called ‘Petya’, the new threat bypasses looking for the most important files to encrypt, and just goes ahead and locks up the entire drive instead, according to G Data Software.

To achieve its goal, the attacker sends out an innocuous-looking email that purports to be from a job applicant, with instructions to download a CV hosted in a Dropbox folder. Naturally, the CV is the ransomware, and it immediately trashes your boot record, forcing your computer to crash.

When it reboots, a message will appear saying that it needs to fix errors and that it may take several hours. During this time, the entire hard disk is encrypted.

Once complete, on next boot, the user is presented with the sad truth: pay a ransom via Tor or lose access to everything on your hard drive, and that ransom doubles after seven days.

[Image: Petya ransom note]

Typetec recommends not paying the requested ransom and instead ensuring that all your data is backed up. That way, you can just restore from your backup image, should the worst happen.

While this is by no means the first ransomware online, it’s part of a worrying trend that seems to line up businesses as more lucrative victims than individuals – one hospital in America has already paid $17,000 in bitcoins after it was locked out of its network.

As with many of these attacks, Petya relies on computer users clicking links sent in emails before really considering what they are, or the potential implications.

Typetec’s Top Tips:

This malware spreads via email by using social engineering techniques. Therefore, our recommendations are:

  • Be particularly wary of emails from senders you don’t know, especially those with attached files.
  • Ensure your operating system and security software are regularly updated.
  • Avoid saving data locally where possible.
  • Ensure staff are educated in good computing practices and how to spot threats.
  • Turn off the hiding of file extensions in Windows, so that the full file name is always shown; this will also help you recognise this type of attack.
  • We’d like to remind you of the importance of having a backup system in place for your critical files. This will help mitigate the damage caused not only by malware infections, but by hardware problems or any other incidents as well.
  • If you become infected, our recommendation is not to pay the ransom and to contact Typetec immediately.
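The file-extension tip above, as an added example that is not part of the original article: a Python check that a help desk or mail filter could run over attachment or download names to flag executables presented as documents, and to show what a user would see while Windows is hiding extensions. The extension lists, function names and sample file names are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any platform

# Constructed, non-exhaustive lists for illustration; tune them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js",
                   ".vbs", ".wsf", ".hta", ".lnk", ".ps1", ".msi"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".rtf", ".txt", ".odt", ".jpg", ".png"}


def shown_when_extensions_hidden(name):
    """Name as Explorer shows it with 'Hide extensions for known file types' on.

    Assumption: the final extension is a registered type, so it is hidden.
    """
    stem, ext = ntpath.splitext(ntpath.basename(name))
    return stem if ext else name


def classify(name):
    """Return 'ok', 'executable' or 'disguised-executable' for a file name."""
    base = ntpath.basename(name).strip().lower()
    stem, ext = ntpath.splitext(base)
    if ext not in EXECUTABLE_EXTS:
        return "ok"
    # A document-style extension just before the real one is what the user
    # ends up reading as the file type once the real extension is hidden.
    inner_ext = ntpath.splitext(stem)[1]
    return "disguised-executable" if inner_ext in DOCUMENT_EXTS else "executable"


def triage(names):
    """Map each flagged name to (verdict, name shown with extensions hidden)."""
    return {n: (classify(n), shown_when_extensions_hidden(n))
            for n in names if classify(n) != "ok"}


# Constructed sample names, e.g. from a download folder or a mail-gateway log.
SAMPLES = ["cv_jane_doe.pdf", "cv_john_smith.pdf.exe",
           r"C:\Users\hr\Downloads\Application.DOCX.scr", "setup.exe"]

if __name__ == "__main__":
    for name, (verdict, shown) in triage(SAMPLES).items():
        print(f"{verdict:22} shown as {shown!r:24} actual {name!r}")
```
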

If you have any queries or concerns about your organisation’s security, please don’t hesitate to contact the Typetec Team.

Andy