CryptoLocker Ransomware demands $300 to decrypt your files

CryptoLocker is becoming the most damaging ransomware (a virus that holds your data to ransom) of 2013, because without a good backup or a usable shadow copy the encrypted data is effectively gone. Here is a summary of what it does and how you can protect yourself.

What does it do to my files?

CryptoLocker will scan your computer and any mapped or shared network drives for common document files and encrypt them, making the files completely inaccessible until you pay a ransom of approximately $300 within 4 days. Cleaning the infected computer with anti-virus removes the program but does not recover the files: the decryption key is held by the attackers, not stored on your machine.

Here is a full list of the file types affected. Note that it includes certificate and private-key files (*.pem, *.pfx, *.p12, *.cer), so any keys stored on an infected machine are lost along with the documents:

*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c

How would I get infected?

CryptoLocker spreads through e-mail attachments. The e-mail is made to look like a customer support issue or shipping notice and carries a zip file attachment. Inside the zip is the virus itself, an executable disguised as a PDF document (Windows hides known file extensions by default, so a file named like a PDF with a PDF icon can actually be a program).

There have also been reports of people being infected simply by visiting a compromised website that attacks an out-of-date Java browser plugin, so keep Java and your browser patched or remove the Java plugin if you do not need it.


How can I protect myself?

There are some security policy changes that can be made to computers to stop the virus from running in the first place: Windows Software Restriction Policies can block programs from launching out of the user profile folders (%AppData%, %LocalAppData% and the Temp folder) where the CryptoLocker dropper installs itself. You must be comfortable with Windows system administration to make the changes yourself; the free CryptoPrevent tool will make these changes for you. Although rare, you must be careful, since legitimate programs that install or update from those folders will be blocked as well.
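As an added example (not code from the original post, and not how CryptoPrevent itself is implemented), the following PowerShell script writes the Software Restriction Policy path rules described above directly into the registry. The registry layout is the standard SRP location; the list of blocked paths is an assumption based on the user-profile folders mentioned above, and you should test it on one machine before rolling it out, because installers that run from %AppData% or Temp will be blocked too.

```powershell
# Added example: block executables launched from the user profile folders
# with Software Restriction Policy path rules. Run as Administrator.
# Assumptions: default profile layout; the policy takes effect after
# "gpupdate /force" or a reboot; add exception rules for any legitimate
# software that must run from these folders.

$base       = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$disallowed = "$base\0\Paths"      # subkey "0" = the Disallowed security level

# Turn SRP on with a default level of Unrestricted, so only our rules block anything.
New-Item -Path $base -Force | Out-Null
Set-ItemProperty -Path $base -Name 'DefaultLevel'        -Value 262144 -Type DWord  # 0x40000 = Unrestricted
Set-ItemProperty -Path $base -Name 'TransparentEnabled'  -Value 1      -Type DWord  # 1 = check all programs except DLLs
Set-ItemProperty -Path $base -Name 'PolicyScope'         -Value 0      -Type DWord  # 0 = all users, including administrators
Set-ItemProperty -Path $base -Name 'AuthenticodeEnabled' -Value 0      -Type DWord

# Locations the ransomware dropper is known to run from (assumed list).
# "*.exe" matches files directly in the folder; "*\*.exe" one level deeper.
$blockedPaths = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',
    '%LocalAppData%\*\*.exe',
    '%Temp%\*.exe',
    '%Temp%\*.zip\*.exe',     # files opened straight out of a zip in Explorer
    '%Temp%\Rar*\*.exe',      # WinRAR temporary extraction folders
    '%Temp%\7z*\*.exe',       # 7-Zip temporary extraction folders
    '%Temp%\wz*\*.exe'        # WinZip temporary extraction folders
)

New-Item -Path $disallowed -Force | Out-Null
foreach ($p in $blockedPaths) {
    # Each path rule lives in its own GUID-named subkey under the Disallowed level.
    $ruleKey = Join-Path $disallowed ('{' + [guid]::NewGuid().ToString() + '}')
    New-Item -Path $ruleKey -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'ItemData'    -Value $p -PropertyType ExpandString -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'SaferFlags'  -Value 0  -PropertyType DWord        -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'Description' -Value 'Block executables in user profile (ransomware mitigation)' `
                     -PropertyType String -Force | Out-Null
}

# Verify what was written: print every Disallowed path rule now in place.
Get-ChildItem $disallowed | ForEach-Object { (Get-ItemProperty $_.PSPath).ItemData }
```

After running it, confirm the rules appear under Local Security Policy > Software Restriction Policies > Additional Rules, then try to launch a harmless program copied into %AppData% to check that it is refused. To undo the change, delete the GUID subkeys under the Disallowed level (or the whole CodeIdentifiers key if SRP was not in use before).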

The most straightforward way to protect yourself now and in the future is to install MalwareBytes Pro and Avast, which at the time of writing both detect and block the known CryptoLocker samples. Microsoft Security Essentials has not been catching this virus reliably. Bear in mind that no anti-virus product can decrypt files once they have been encrypted, so a regular backup kept off the network (an external drive that is unplugged after each backup, or an online backup service) remains the only dependable protection; a backup drive that stays mapped will simply be encrypted along with everything else.

Having an office or home policy of never opening attachments unless they are expected and from a trusted sender is the first line of defence. A zip file from an unknown "support" address, or any attachment that turns out to contain a program, should be deleted.

What are my options if I am infected?

The best way to recover from an infection is to disconnect the computer from the network first (so it stops encrypting shared drives), run the free version of MalwareBytes to delete the virus, and then recover your encrypted files from a backup.

Alternatively, you can use ShadowExplorer or the Windows "Previous Versions" tab to recover an older, unencrypted version of a file from a Shadow Volume Copy. This only works if System Restore (System Protection) was enabled on that drive before the infection, and some ransomware deletes the shadow copies before encrypting, so check early whether any still exist.
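As an added example (not from the original post, and independent of ShadowExplorer), this PowerShell script lists the shadow copies that exist for the C: drive and copies every available version of one file out of them, newest first, so you can open each copy and keep the last one that is still readable. The file path and restore folder are placeholders; it assumes you run it as Administrator on the infected machine after the virus has been removed.

```powershell
# Added example: pull earlier versions of a file out of Volume Shadow Copies.
# Assumptions: run as Administrator; System Protection was enabled on C:
# before the infection; $fileToRestore and $restoreDir are placeholders.

$fileToRestore = 'Users\alice\Documents\contract.docx'   # path relative to the root of C: (placeholder)
$restoreDir    = 'C:\Restore'                             # where recovered copies are written (placeholder)

# Shadow copies are keyed by volume GUID, so look up the one for C:.
$vol     = Get-WmiObject Win32_Volume -Filter "DriveLetter='C:'"
$shadows = Get-WmiObject Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $vol.DeviceID } |
    Sort-Object { [Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate) } -Descending

if (-not $shadows) {
    Write-Warning 'No shadow copies exist for C: (System Protection was off, or the copies were deleted).'
    return
}

New-Item -ItemType Directory -Path $restoreDir -Force | Out-Null

foreach ($s in $shadows) {
    $created = [Management.ManagementDateTimeConverter]::ToDateTime($s.InstallDate)
    Write-Host "Shadow copy $($s.ID) created $created"

    # A shadow copy is only reachable through its device object, e.g.
    # \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3 . Expose it as a
    # directory symlink; the trailing backslash on the target is required.
    $link = "C:\shadow_$($s.ID.Trim('{}'))"
    cmd /c mklink /d $link "$($s.DeviceObject)\" | Out-Null
    try {
        $candidate = Join-Path $link $fileToRestore
        if (Test-Path $candidate) {
            # Name each recovered copy by the snapshot time so versions do not overwrite each other.
            $stamp = $created.ToString('yyyyMMdd_HHmmss')
            $dest  = Join-Path $restoreDir ('{0}_{1}' -f $stamp, (Split-Path $fileToRestore -Leaf))
            Copy-Item -Path $candidate -Destination $dest
            Write-Host "  copied version from $created to $dest"
        } else {
            Write-Host '  file not present in this snapshot'
        }
    } finally {
        # rmdir on a directory symlink removes the link only, never the snapshot contents.
        cmd /c rmdir $link | Out-Null
    }
}
```

Snapshots taken after the infection will contain the encrypted version, so work backwards through the timestamped copies in the restore folder until you find one that opens normally.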

If you have no backup and no shadow copies, your only remaining option is to pay the ransom before the 4-day deadline and wait for the virus to decrypt your files. Be aware that this funds the criminals and comes with no guarantee: if the program has already been removed or the attackers' servers are unreachable, the decryption cannot complete.




Protection Details

This image is from Dennis Technology Labs July – Sept 2013 report showing how effectively programs can block or clean an infected computer.

Every business owner wants to be sure their data is protected 24 hours a day. Since its introduction in 2009, Microsoft Security Essentials has been the go-to free anti-virus solution for users running Windows. Its popularity was due to being tied directly into the Windows operating system and being a lightweight application that runs in the background without hogging system resources. Is it enough to protect your files today?

What’s the problem?

This year, testing companies such as Dennis Technology Labs and AV-Test.org released reports showing that Microsoft Security Essentials did poorly compared to other anti-virus programs, failing to detect many new viruses.


This image is from the Dennis Technology Labs July – Sept 2013 report showing each product's accuracy when detecting viruses.

Microsoft’s response to this was that the viruses and malware used in the tests don’t represent real world scenarios stating “94 percent of these missed malware samples were never encountered by any of our customers”.

Holly Stewart, senior program manager of the Microsoft Malware Protection Center, mentioned in an interview with Dennis Technology Labs that Microsoft Security Essentials is a good “baseline strategy” and to diversify your protection to have the most effective security available.

Should you take action?

Microsoft Security Essentials is a reasonable baseline anti-virus to run on your home or office computers. However, to be as protected as possible it is a good idea to add a program with a higher detection rate, such as MalwareBytes Pro. Even if these programs are not running on every computer, they should be running on critical systems such as servers and on any machine that holds the only copy of important data.




An easily exploited backdoor affecting D-Link routers has recently been written up in this article from devttys0.com. The author, Craig, walks through how the exploit works in great detail. If you are running a D-Link router in your home or office, should you be worried? We will go over a summary of the problem here.

What’s the problem?

In a nutshell, anyone connected to your home or office network can change the User-Agent header their web browser sends (normally a short description of the browser and operating system) and be let straight into the router's administration pages without ever entering the password. The User-Agent needs to be set to "xmlset_roodkcableoj28840ybtide", which read backwards (after the "xmlset_" prefix) spells "edit by 04882 joel backdoor", a strong sign that this was deliberately built in as a backdoor to the D-Link settings rather than being an accidental bug.


Once an attacker is into your D-Link settings they can change the admin password, network settings (including DNS servers, which lets them redirect your web traffic) and wireless settings. A factory reset will undo any settings an attacker changed, but it does not remove the backdoor itself, since that is part of the router's firmware, so the device can simply be taken over again.

How can I check my home/office wifi?

The first thing you want to do is to flip your D-Link router over and check if the model matches any of the following:

DIR-100
DI-524
DI-524UP
DI-604S
DI-604UP
DI-604+
TM-G5240

Several Planex routers also use the same firmware:

BRL-04UR
BRL-04CW

Even if your model number is not listed, there is no guarantee that the D-Link or Planex router you are running does not have the same or a similar problem, since the list covers only the devices known to share this firmware. The exploit was tested against a specific firmware version and at the time of writing there is no note of a fix being released. The only way to be sure your device is not affected is to try the check explained in the above article yourself, or ask your office or home IT support staff to do it for you.
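As an added example (not part of the original post or the devttys0 article), the PowerShell script below performs that check from a computer on your own network: it requests the router's main page twice, once with an ordinary browser User-Agent and once with the backdoor string quoted above, and compares the responses. It assumes the router is at 192.168.0.1 (the D-Link default; change it to match yours) and that the router normally refuses the page until you log in, so a 200 reply that only arrives with the special User-Agent is the tell-tale sign. Only run this against a router you own or administer.

```powershell
# Added example: test whether a router honours the backdoor User-Agent string.
# Assumptions: $router is your own router's address; an unauthenticated request
# for the admin page is normally rejected (401) or sent to a login page.

$router   = 'http://192.168.0.1/'                                                # placeholder: change to your router
$normal   = 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 Chrome/30.0 Safari/537.36'
$backdoor = 'xmlset_roodkcableoj28840ybtide'                                     # string from the devttys0 article

function Get-RouterResponse([string]$Url, [string]$UserAgent) {
    # Returns the HTTP status code and body length; error replies (401, 403)
    # surface as exceptions, so pull the status out of the exception's response.
    try {
        $r = Invoke-WebRequest -Uri $Url -UserAgent $UserAgent -UseBasicParsing -TimeoutSec 10
        return [pscustomobject]@{ Status = [int]$r.StatusCode; Length = $r.Content.Length }
    } catch {
        $resp = $_.Exception.Response
        if ($resp) { return [pscustomobject]@{ Status = [int]$resp.StatusCode; Length = 0 } }
        throw   # no response at all (wrong address, router unreachable)
    }
}

$plain = Get-RouterResponse $router $normal
$magic = Get-RouterResponse $router $backdoor

"Normal User-Agent:   HTTP $($plain.Status), $($plain.Length) bytes"
"Backdoor User-Agent: HTTP $($magic.Status), $($magic.Length) bytes"

if ($plain.Status -ne 200 -and $magic.Status -eq 200) {
    Write-Warning 'The router served its admin page without a password when sent the backdoor User-Agent. Treat it as vulnerable.'
} elseif ($plain.Status -eq 200 -and $magic.Length -gt $plain.Length) {
    # Some routers answer 200 with a login form; a noticeably larger page for the
    # backdoor string usually means the full settings page came back instead.
    Write-Warning 'Both requests returned 200 but the backdoor User-Agent got a larger page. Open both in a browser and compare; this may be the settings page versus the login form.'
} else {
    'No difference observed: this router does not appear to honour the backdoor string.'
}
```

If the router is already configured to allow remote management, run the same check from outside your network (or ask a friend to), because in that case the bypass is exposed to the whole Internet rather than just to people on your Wi-Fi.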

What to do if I am running an affected router?

You do have a few options if you are running a D-Link router that could be vulnerable.

1. Make sure the router's settings pages are not accessible from the Internet: turn off "remote management" (WAN-side access to the admin interface) in the router's settings. This keeps attackers on the Internet out, but anyone already connected to your Wi-Fi or wired network in your home or office can still use the backdoor, so also make sure your Wi-Fi uses a strong WPA2 password.

2. Replace your D-Link router with a model that is not affected. Until D-Link publishes fixed firmware for your model (check their support site periodically), this is the only guaranteed way to avoid becoming a victim.

Onsite PC Solution is based in San Jose California and provides small and medium sized business IT support.



 


In this article from Information Weekly, Brian Barnier explains some steps businesses can take to make sure they are not making costly mistakes in how they handle social media and internal data. He goes into specific details in the article, but the main points he emphasizes are:

1. Decide what data is important to you

For example private customer information, the details given out on social media websites, and data gathered from your various sales, marketing and accounting departments.

2. Look for all-in-one packages

Make managing the data above as easy as possible with programs or services that handle everything in one place. An all-in-one solution saves time and, in the end, money.

3. Automate

Taking the all-in-one packages one step further, automating how your business data is managed helps avoid breaches and problems in the future. You can do this through office policies or through a defined set of processes.

Check out the article here!
