Tuesday Tech Tip, November 12, 2013 Print
Tuesday, 12 November 2013 14:38

 

Internet Safety - A small investment for a rich future

 

My boss asked me to update all of my readers on CryptoLocker one more time because one of our clients has already become infected.  We at Pronets are all deeply concerned about you and your systems.   For our larger (and smaller) clients, you need to make sure all of your employees are aware of this particular strand of ransomware. This is something that a user accidentally installs onto their machines and there is no way to undo it except to revert back to an earlier saved file.  If the user clicks to install the file, virus protection has been compromised.  Business owners, office managers, and operations managers – update your employees.  Many of you forwarded the last Tech Tip to all of your staff and your friends, please feel free to do that again with this one. They need to know how to defend their computers and your networks against this virus. 

This virus enters the user’s mailbox as a Trojan horse, meaning it is disguised as a harmless file.  Buried under a pdf file, there lives an executable that launches and installs the virus when the user clicks the pdf extension.  Once the executable installs the virus, it begins communicating with its server.  It begins using an advanced encryption to code all of the users’ files without causing any signs of performance loss.  At this point, the virus turns into ransomware.  It launches a clock with a countdown, explaining to the user that they have a descending amount of time to pay the ransom before the files are encrypted forever. 

Do not make payment.

Instead, you must immediately have your computer cleaned and then rolled back to a save point.  Any work done on those files,  after the last working save point, will be lost.  This is the harsh reality.  You must be vigilant right now; each member of your organization needs to understand this.  You cannot open files from people you do not know, it will be a huge risk to your company and to your hard work.

So again – you are your best antivirus!!  Do not open email attachments from people you don’t know.  Not even if they look like the most legitimate company in the world – you don’t know them and you don’t know what they are sending you.  ALSO, don’t treat backing up your computer like a chore that you would rather skip.  Backups are your friend; they are worth the effort! 

We are offering a special right now.  For all of our clients, we will initiate a ticket upon request to investigate your current backups and confirm that they are properly timed, can be properly restored, and will make any suggestions as to what you can do to strengthen your situation.

For all other companies, we are willing to do an assessment at your site and review your methodologies.  From there we can make suggestions and identify any potential errors you may have in your arrangement.

We are concerned for your companies, please be safe!!

Wikipedia has a great write up of this CryptoLocker. Please read more if you are interested, but above all be your own antivirus and make good decisions about what you are opening.

Also, our PC Repair Manager, Charles, also did some research and found a great document called,

How to prevent your computer from becoming infected by CryptoLocker(From US-Cert)PreventionUS-CERT recommends users and administrators take the following preventative measures to protect their computer networks from a CryptoLocker infection:

  • Do not follow unsolicited web links in email messages or submit any information to webpages in links
  • Use caution when opening email attachments. Refer to the Security Tip Using Caution with Email Attachments for more information on safely handling email attachments
  • Maintain up-to-date anti-virus software
  • Perform regular backups of all systems to limit the impact of data and/or system loss
  • Apply changes to your Intrusion Detection/Prevention Systems and Firewalls to detect any known malicious activity
  • Secure open-share drives by only allowing connections from authorized users
  • Keep your operating system and software up-to-date with the latest patches
  • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams
  • Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks
  • Remove any USB Devices while they are not in use to prevent infection from spreading to attached devices

You can also use the Windows Group or Local Policy Editor to create Software Restriction Policies that block executable from running when they are located in specific paths. For more information on how to configure Software Restriction Policies, please see these articles from MS:http://support.microsoft.com/kb/310791
http://technet.microsoft.com/en-us/library/cc786941(v=ws.10).aspx

Charles has compiled a list of notes that I can send for further information, please email This e-mail address is being protected from spambots. You need JavaScript enabled to view it for his additional notes.

 

To view your Technology and Beer Tasting Invitation, please go to: 

http://www.pronetsinc.com/general/151-you-are-invited.html