03/05/2016
It seems that a new variant of the encryption virus is making the rounds this week. We have received reports of this nasty exploit appearing in emails indicating "your invoice" and "your tracking information". The virus is triggered when you open the attachment.
What it does:
An encryption virus is a monetary exploit. When the virus is launched, it searches your hard drive for several different file types. Pictures, Office documents and database files are primary targets. The virus then uses strong, legitimate file encryption to "scramble" your files to an unreadable state. The only way to unscramble the files is to have the encryption key. This key is held by the controller of the virus, and they demand you pay from $300 to $500 for the key. Of course, you never speak to these people, and by the nature of what they do, even if you pay the money there is no guarantee you will receive the key or that it will even work to decrypt your files. Because the virus uses legitimate file encryption, it is very difficult or almost impossible to decrypt your files. There are a few companies that are successful with decryption, but this is an expensive process and not always successful. This virus also finds shared directories on other machines and will encrypt all files on those shared or mapped drives in addition to your local hard drive. Other than the ominous notice and demand for payment (one variant now even uses speech through your speakers), the virus doesn't affect the normal operation of your machine.
Prevention:
Most antivirus programs are only about 30% to 50% effective in preventing infections. The encryption virus seems to be able to circumvent most antivirus programs. The best prevention is user awareness. Don't open emails from unknown sources. Do not open attachments unless you are positive of the sender and of the contents of the attachment.
Recommendations:
Sleekcom recommends you use a comprehensive backup method to back up your data files. We advise using a multi-layer backup, including a local backup and a remote or off-site backup that is isolated from your computer. We also recommend maintaining at least several days, or even weeks, of backup sets. Because this virus uses legitimate encryption, most backup systems will back up the encrypted files. It could be several days before you realize you have been infected. If your backup only keeps a couple of days of backup sets and overwrites them as it backs up, you could end up with encrypted backup files as well.
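The retention point above, as an added example (not Sleekcom's code): it finds the newest backup set taken before files were mass-rewritten into random-looking data, and shows that a short retention window can leave no clean set to restore. The set labels, file names, thresholds and sample contents are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0); encrypted data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_fraction(prev: dict, cur: dict, threshold: float = 7.5) -> float:
    """Share of files that changed since the previous set AND now look random.
    Requiring a change avoids flagging pictures and other compressed files,
    which are high-entropy even when healthy."""
    if not cur:
        return 0.0
    hits = sum(1 for name, data in cur.items()
               if prev.get(name) != data and entropy(data) > threshold)
    return hits / len(cur)

def newest_clean_set(sets: list, retention: int, max_fraction: float = 0.5):
    """Label of the newest retained set taken before a mass rewrite, or None."""
    first_bad = len(sets)
    for i in range(1, len(sets)):
        if suspicious_fraction(sets[i - 1][1], sets[i][1]) > max_fraction:
            first_bad = i  # this set and every later one holds scrambled files
            break
    oldest_kept = max(0, len(sets) - retention)  # older sets were overwritten
    clean = [label for i, (label, _) in enumerate(sets) if oldest_kept <= i < first_bad]
    return clean[-1] if clean else None

def _scrambled(seed: str) -> bytes:
    # Constructed stand-in for an encrypted file: 4 KiB of SHA-256 output.
    return b"".join(hashlib.sha256(f"{seed}{i}".encode()).digest() for i in range(128))

# Constructed sample: files are scrambled between day2 and day3, noticed on day5.
DOCS = {"invoice.doc": b"Invoice 1001 " * 300,
        "clients.db": b"name,phone\n" * 400,
        "notes.txt": b"call back Monday " * 200}
ENCRYPTED = {name: _scrambled(name) for name in DOCS}
SETS = [("day1", DOCS), ("day2", DOCS), ("day3", ENCRYPTED),
        ("day4", ENCRYPTED), ("day5", ENCRYPTED)]

if __name__ == "__main__":
    print("keep 2 sets:", newest_clean_set(SETS, retention=2))
    print("keep 5 sets:", newest_clean_set(SETS, retention=5))
```

With only two sets retained, both hold scrambled files and nothing can be restored; with five retained, the day2 set is still available.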
If you think you might be infected or are experiencing problems with your computer or business network, give us a call and we can help.