Various Cryptoviruses on the rise

Over the past year there has been a seeming explosion of various cryptoviruses. While there are quite a few versions and variants, at their core is the same fundamental intent: to encrypt your data and hold it to ransom, providing a "decryption key" after you pay a fee, usually in Bitcoin.

Frightening. Some recent versions such as CryptoWall go so far as to use commercial-grade SSL certificates and other stealth programming tricks to evade traditional anti-virus and anti-malware utilities. They then rapidly encrypt data, usually avoiding system files so that the PC keeps functioning while all the typical data types become inaccessible: Word documents, images, PDFs and the like.

The best defense is to never open any email attachment, particularly zip files, from unknown sources. I've seen situations where the cryptovirus's attack vector was fake Adobe Flash updates, but far and away the most common has been inside zip file attachments. Once infected, it is easily unnoticed until you try to open a now-encrypted file. Inside each folder will be a series of files titled along the lines of "help decrypt". They will ask you to make a payment via the Tor network to get the decryption key.

So far, other than paying the ransom and taking your chances that they will send you the decryption key, defense means limiting damage and restoring data. Malwarebytes for Business and its Anti-Exploit add-on seem to stop most versions, but not before a few minutes of file encryption has occurred. We know most versions can encrypt backup data and mapped drives. It has been stated that the most recent version is capable of encrypting or removing not only backups and mapped or external hard drives but also the Volume Shadow Copies, otherwise known as "previous versions". This limits most efforts to restore data. Good backup software that is not built into Windows, along with strong anti-virus, MBAM and online backups, is probably the best way to go. More importantly, do not open unknown attachments, and if you are prompted for any updates, go straight to the company's own page and download manually.
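As an added example (not code from the original post), here is a small Python scanner that looks for the two traces described above: the ransom-note files dropped into every folder, and document files whose first bytes no longer match their extension, which is what an encrypted Word document or PDF looks like on disk. The note-name pattern, the magic-byte table and the sample folder tree it builds are all constructed assumptions for the demo; to check a real share, call scan_tree() with that path.

```python
"""Scan a directory tree for two cheap cryptovirus indicators:
   1. ransom-note files (names like HELP_DECRYPT.TXT dropped in each folder), and
   2. document files whose leading bytes no longer match their extension
      (a .pdf that does not start with %PDF has likely been overwritten
      with ciphertext).
The tree it scans in demo() is constructed here; nothing is read from the real system."""
import os
import re
import tempfile
from pathlib import Path

# Assumption: loosely modelled on the "help decrypt" note names the post describes.
NOTE_NAME = re.compile(r"(help|how)[_\- ]*(to[_\- ]*)?(decrypt|restore)", re.IGNORECASE)

# Leading bytes ("magic") of common document types, keyed by extension.
MAGIC = {
    ".pdf": [b"%PDF"],
    ".docx": [b"PK\x03\x04"],
    ".xlsx": [b"PK\x03\x04"],
    ".zip": [b"PK\x03\x04"],
    ".png": [b"\x89PNG"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
}


def is_ransom_note(name: str) -> bool:
    """True if a file name looks like a dropped ransom note."""
    return NOTE_NAME.search(name) is not None


def header_mismatch(path: Path) -> bool:
    """True if the file's extension has a known magic and the content lacks it.
    Extensions with no entry in MAGIC are never flagged."""
    magics = MAGIC.get(path.suffix.lower())
    if not magics:
        return False
    with open(path, "rb") as fh:
        head = fh.read(8)
    return not any(head.startswith(m) for m in magics)


def scan_tree(root) -> dict:
    """Walk root and return sorted relative paths of notes and damaged documents."""
    root = Path(root)
    notes, damaged = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if is_ransom_note(name):
                notes.append(str(p.relative_to(root)))
            elif header_mismatch(p):
                damaged.append(str(p.relative_to(root)))
    return {"notes": sorted(notes), "damaged": sorted(damaged)}


def build_sample_tree(base) -> Path:
    """Constructed sample: one healthy folder and one that looks encrypted."""
    base = Path(base)
    ok = base / "Documents" / "ok"
    hit = base / "Documents" / "hit"
    ok.mkdir(parents=True)
    hit.mkdir(parents=True)
    (ok / "report.pdf").write_bytes(b"%PDF-1.4\n% constructed but well-formed header\n")
    (ok / "notes.txt").write_bytes(b"plain text, no magic to check\n")
    (hit / "report.pdf").write_bytes(bytes(range(256)))      # no %PDF header
    (hit / "budget.xlsx").write_bytes(b"\x13\x37" * 64)      # no PK zip header
    (hit / "HELP_DECRYPT.TXT").write_bytes(b"constructed stand-in for a ransom note\n")
    return base


def demo() -> dict:
    """Build the constructed tree in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_tree(build_sample_tree(tmp))


if __name__ == "__main__":
    result = demo()
    print("ransom notes :", result["notes"])
    print("damaged files:", result["damaged"])
```

The magic-byte check is deliberately conservative: it only flags extensions it knows, so plain text and unknown types are never reported, and a single hit is worth investigating while a folder full of hits alongside a note file is the pattern the post describes. Scheduled against a file server or a mapped drive, a scan like this can surface the first encrypted folder before a user opens a file and discovers the problem.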

If you would like a quote and/or installation of Malwarebytes for Business, please contact us!