Sunday, 29 November 2015

Cryptowall – what you need to know.


  Ransomware has been causing havoc for some time now and we are still hearing about businesses getting in trouble.

So what is it?

Around the end of 2013 a new breed of virus, ransomware, appeared - the best known variants are Cryptolocker and Cryptowall. The virus encrypts files and holds the victim to ransom - if they don't pay, the files are lost - if they do pay, the victim had best hope the attacker is good to their word and provides the decryption code.

How does it get on?

The virus may get on your system in a number of ways. Common methods include via email attachments and through websites. More sinister than this, companies have been specific targets of hacking - attackers have actively chosen a company to target and attack. It is believed that small businesses may make good targets because:
  1. They are generally easier to hack than enterprises.
  2. They will be willing to pay to not lose their data.
  3. They have the money to pay.

What does it do again?

Once on your computer the virus starts to encrypt your files. It will try to encrypt any files it can get its hands on - like your My Documents and your network drive files. It goes for files like Word documents, images and spreadsheets. Often the first sign you get is when Word or Excel refuses to open one of your files. When the files are encrypted a message is displayed on your PC to let you know what's just happened. The message will also provide details on how to pay. The encryption used requires a key to decode it - the key remains in the hands of the bad guys. The files cannot be decrypted without the key.
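To find out which documents have been hit before restoring anything, you can check whether each file still starts with the bytes its type should start with. The script below is an added example, not part of the original post; it assumes the encrypted files keep their original names and extensions, and the sample folder it scans is constructed.

```python
import os
import tempfile

OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy Office container (.doc, .xls)
ZIP = b"PK\x03\x04"                        # .docx and .xlsx are ZIP archives
JPEG = b"\xff\xd8\xff"
# Bytes a healthy file of each type starts with.
MAGIC = {".doc": OLE, ".xls": OLE, ".docx": ZIP, ".xlsx": ZIP,
         ".pdf": b"%PDF", ".jpg": JPEG, ".jpeg": JPEG,
         ".png": b"\x89PNG\r\n\x1a\n"}

def header_ok(path):
    """True/False for a known file type, None when the extension is not in MAGIC."""
    sig = MAGIC.get(os.path.splitext(path)[1].lower())
    if sig is None:
        return None
    try:
        with open(path, "rb") as fh:
            return fh.read(len(sig)) == sig
    except OSError:
        return False  # unreadable files are treated as suspect

def find_damaged(root):
    """Relative paths under root whose content no longer matches the extension."""
    damaged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if header_ok(full) is False:
                damaged.append(os.path.relpath(full, root).replace(os.sep, "/"))
    return sorted(damaged)

def demo():
    """Build a constructed sample folder and scan it."""
    scrambled = bytes((i * 37 + 11) % 256 for i in range(64))  # stand-in for ciphertext
    samples = {
        "report.docx": ZIP + b"\x00" * 60,           # healthy
        "photo.jpg": JPEG + b"\xe0" + b"\x00" * 60,  # healthy
        "budget.xlsx": scrambled,                    # damaged
        "scans/logo.png": scrambled,                 # damaged
        "notes.txt": scrambled,                      # unknown type, skipped
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return find_damaged(root)
```

Point `find_damaged` at a copy of your documents folder or network share; the list it returns is the set of files to bring back from backup or previous versions.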

Can I pay and how much?

Normally if you pay up the key is provided and you get your files back. But you are dealing with criminals, so no guarantees. The amount extorted varies from £100s to £1000s.

Can I recover my files?

Obviously you can go straight to your backup and get them there. We are painfully aware that many people don't have backups, so keep reading. It's worth noting that if undetected for long enough the backups may be encrypted also. So, no backup, what's next? If you are not paying then you need to remove the virus; antivirus software like AVG and anti-malware like MalwareBytes should take care of most of that. Next is the tip that may save you - previous versions. Most Windows PCs will have previous versions enabled. This allows you to restore previous versions of your folders - restore a version from before the virus did its work.

I got my files back, now what?

Once you have recovered your files, and have them safely on a backup drive, reset the infected computers back to factory settings - in other words, install a clean version of Windows. We hope the above overview is useful. Prevention is better than a cure - so if you are lucky and haven't been hit yet, now is a good time to check your backup plan is working and that you have effective antivirus measures in place. Here's some more information from AVG specifically about Cryptolocker (AVG are partners with Nimbus CS): https://www.youtube.com/watch?v=cYVqJ0N0FDY

If all this is Double Dutch and you want someone to take care of it for you, give Nimbus CS a call today.
