A fairly new CryptoLocker malware has been spreading via Yahoo Messenger, and if you’re infected it may cost you a fortune to retrieve your own data.

Look Before You Jump, Steer Clear of YOURS.JPG.exe

The CryptoLocker ransomware has been wreaking havoc among many users. Disguising itself as a file named ‘YOURS.JPG.exe’, the malware encrypts important system files, locking rightful owners out of their computers and documents.


To regain access, victims are asked to pay a ransom, as the name suggests. In this particular case, the CryptoLocker ransomware demands $400 for a key which will supposedly unlock the encrypted files. Once the ransom process is initiated, the malware sets off a timer that will destroy the key within a given amount of time if the exploiters don’t receive their funds.

Main Target: Yahoo Messenger Users

If you’re using Yahoo Messenger at home and especially at work, please take the necessary precautions to prevent this form of exploitation from happening to you. Recently CryptoLocker has been targeting Yahoo Messenger users in the form of image attachments. First, we suggest you install the latest version of CryptoPrevent to keep CryptoLocker from infecting your computers. It is also highly advisable that you keep your antivirus/antimalware software up-to-date, as this will also shield your computers from various online attacks.

For more tips and tricks on what you can do to prevent these types of intrusions and attacks, please don’t hesitate to contact our IT professionals.




Your website is crucial in helping the rest of the world to find your service or to learn more about you. As more websites are built on WordPress, which lets you easily manage your site pages, blog and online stores, it has become a target for criminals. In this article we will cover why it’s important to avoid free premium WordPress themes.

I have a website, what’s the problem?

If you have recently (in the last several years) had your website updated or created, there is a good chance your main website or a subsection such as the blog is running WordPress. The best way to check if WordPress is being used is to ask the person that designed your website.

A theme is then used to change the layout, colors, fonts and general look and behavior of your site.  Themes can either be free, or premium where you pay for more features, updates and typically support.  Since premium themes cost money, some people decide to do a quick Google search to find the premium theme for free.

Premium themes that are quickly available over Google can contain malicious code that will infect your website, and as a result anyone that visits your website.

What happens if my site is infected with malicious code?

Once your site has been infected, the malicious party can then run programs and code on your website.  This not only puts your website at risk but also puts your website visitors at risk.  Your website can also be flagged for malware by Google.

Image: A snippet of malicious code as described by Sam Parkinson in his blog post on the details of pirating premium WordPress themes

How can I keep myself safe?

The next time you talk to your website designer, ask them these questions:

1. Is my website running WordPress?

2. Is the theme of my website free or premium?

3. If it is premium, where was it downloaded from and paid for?

If the site runs WordPress and a premium theme, make sure it was paid for and downloaded from the theme designer’s official webpage, or from the official WordPress premium theme site.

Also, as mentioned in this article, ask your website designer to disable dangerous functions that are not being used on your site as explained here.

We always recommend giving your office or home IT support all of the details so they can keep track of and inventory potential risks to your business as well.



CryptoLocker Ransomware demands $300 to decrypt your files

CryptoLocker is becoming the most malicious ransomware (a virus that holds your data ransom) of 2013 since your data is forever lost without a solid backup copy or shadow copy. Here is a summary of what it does and how you can protect yourself.

What does it do to my files?

CryptoLocker will scan your computer and shared network drive for common document files and encrypt them, making the files completely inaccessible until you pay a ransom of approximately $300 within 4 days. There is no way to decrypt your files even if your anti-virus cleans the infected computer.

Here is a full list of files affected:

*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c

How would I get infected?

CryptoLocker spreads through attachments in e-mails. The email will look like a customer support issue with a zip file attachment. The virus is inside the zip file hidden as a PDF document.
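One way to check a zip attachment for this disguise before anyone opens it, covering both the PDF-looking file described here and names like ‘YOURS.JPG.exe’. This is an added example, not part of the original article; the extension sets, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will execute directly (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Decoy extensions: a subset of the document/image types named on this page.
DECOY_EXTS = {".pdf", ".jpg", ".doc", ".docx", ".xls", ".xlsx", ".rtf"}


def is_disguised_executable(name: str) -> bool:
    """True when a file name ends in an executable extension that is
    preceded by a document or image extension, e.g. 'YOURS.JPG.exe'."""
    # Windows ignores trailing dots and spaces, so strip them first.
    base = PurePosixPath(name.replace("\\", "/")).name.rstrip(". ").lower()
    stem, dot, ext = base.rpartition(".")
    if not dot or "." + ext.strip() not in EXECUTABLE_EXTS:
        return False
    # Padding such as 'invoice.pdf      .exe' pushes the real extension
    # out of view in narrow columns; remove it before checking the decoy.
    stem = stem.rstrip(" _")
    _, dot2, inner = stem.rpartition(".")
    return bool(dot2) and "." + inner in DECOY_EXTS


def suspicious_members(zip_bytes: bytes) -> list[str]:
    """Return names of archive members whose names look disguised."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist()
                if not i.is_dir() and is_disguised_executable(i.filename)]


def build_sample_zip() -> bytes:
    """Constructed sample attachment; contents are harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("readme.txt", "photos/holiday.jpg", "Invoice_4471.pdf.exe",
                     "YOURS.JPG.exe", "scan.pdf      .scr", "setup.exe"):
            zf.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member in suspicious_members(build_sample_zip()):
        print("disguised executable:", member)
```

A plain `setup.exe` is not flagged, because the check targets the disguise rather than executables in general; a mail filter would normally block both.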

There have also been reports of people being infected by visiting a website that has Java, a common web programming language.


How can I protect myself?

There are some security policy changes that can be made to computers to prevent the virus from running; however, you must be comfortable with Windows system administration to make the changes. CryptoPrevent will also make these changes for you. Be careful, though: although it is rare, these changes could disable other programs.

The most straightforward way to protect yourself now and in the future is to install MalwareBytes Pro and Avast which both detect and prevent infections. Microsoft Security Essentials is simply not advanced enough to detect this virus.

Having an office or home policy of never opening emails or attachments unless they are from a trusted sender is the first line of defence.

What are my options if I am infected?

The best way to recover from an infection is to run the free version of MalwareBytes to delete the virus, then recover your encrypted files from a backup.

Alternatively, you can use ShadowExplorer or Shadow Volume Copies to recover an older un-encrypted version of the file only if System Restore is enabled in Windows.

If you have no backup, your only option is to pay the ransom and wait for your files to be decrypted by the virus.
