Ransomware Malicious Malware Warning

As you may have heard in the media over the last few months, there is a malicious but discreet program in existence, ransomware, that encrypts your files. It then asks you to pay a fee to receive the decryption key and regain access to the files it has processed. Sadly, the program is ever evolving and can initially run without detection; due to the nature of the program, no anti-virus systems are picking it up as malware or a virus.

 

If you notice anything unusual or see that files have been encrypted, please let us know as soon as possible. Please see above for an example of what you may see when trying to open a file that has been encrypted. The encryption tool is designed to run through the file system alphabetically, encrypting everything it can. It may encrypt not just files on your machine but files on shared drives too. The sooner we react the better, as we will need to find the source of the issue and try to stop it before it encrypts all the files that a user can access. In most cases it will be necessary to restore from the last usable backup; decryption is highly unlikely, and paying the ransom won’t guarantee return of the data.

As a CPiO Cloud customer, backups of your hosted system are taken daily.

Things you may notice

  • A text file or HTML file with the last part of the extension changed to .eaa or another unusual/unexpected extension.
  • A Restore_files_bellp.txt or Restore_files_bellp.html file found in a folder.
  • A warning message when trying to open files.
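
The first two signs above can be checked for across a whole drive or share in one pass. The following is an added example, not part of the original notice or a CPiO tool: a read-only Python scan that lists every folder containing one of the ransom notes or a file ending in .eaa, in alphabetical order. The function names and the sample folder layout are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators from the list above; extend both sets if other names or extensions turn up.
NOTE_NAMES = {"restore_files_bellp.txt", "restore_files_bellp.html"}
ENCRYPTED_EXTENSIONS = {".eaa"}


def scan_tree(root):
    """Return {folder: {"notes": [...], "encrypted": [...]}} for each affected folder."""
    findings = {}
    for folder, dirs, files in os.walk(root):
        dirs.sort(key=str.lower)  # visit sub-folders alphabetically
        notes = sorted(f for f in files if f.lower() in NOTE_NAMES)
        encrypted = sorted(f for f in files
                           if Path(f).suffix.lower() in ENCRYPTED_EXTENSIONS)
        if notes or encrypted:
            findings[folder] = {"notes": notes, "encrypted": encrypted}
    return findings


def summarise(findings):
    """Return (affected folders, encrypted files, last affected folder alphabetically)."""
    folders = sorted(findings, key=str.lower)
    total = sum(len(hit["encrypted"]) for hit in findings.values())
    return len(folders), total, (folders[-1] if folders else None)


def build_sample_share(base):
    """Constructed sample data: 'accounts' and 'hr' are affected, 'sales' is not."""
    layout = {
        "accounts": ["ledger.xlsx.eaa", "Restore_files_bellp.txt"],
        "hr": ["policy.docx.eaa", "rota.pdf.EAA", "Restore_files_bellp.html"],
        "sales": ["forecast.xlsx"],
    }
    for folder, names in layout.items():
        (Path(base) / folder).mkdir()
        for name in names:
            (Path(base) / folder / name).write_bytes(b"constructed sample")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        result = scan_tree(build_sample_share(share))
        for folder in sorted(result, key=str.lower):
            print(folder, result[folder])
        print(summarise(result))
```

Pointing `scan_tree` at a real drive or share path gives the list of affected folders to report and to compare against the last backup.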

This malware can get on to your machine through the following:

  • Email attachments
  • Infected internet pages. This can affect almost any website, as the malware can be injected into the adverts on sites; even big names such as Yahoo can be affected.
  • Spreading across network drives from infected machines.
  • Removable media such as USB drives.

Please do contact us if you have any questions in relation to the above.

Please see the links below (Cisco and Microsoft), where the malicious program is discussed in more detail:

http://blogs.cisco.com/security/talos/cryptowall-3-0

http://blogs.technet.com/b/mmpc/archive/2015/01/13/crowti-update-cryptowall-3-0.aspx
