As many of you already know from news reports, this ransomware has spread rapidly since last Friday and affected hundreds of thousands of systems worldwide. So far, it seems to primarily be spread through e-mail attachments, and affects Windows PCs and Servers. Once it has been downloaded, it encrypts the files on the affected system, as well as any other files it can reach through the network, such as mapped server drives, and pops up a ransom demand. It’s difficult or impossible to recover your data once it has been encrypted, so this is a very serious issue.
On the bright side, it is extraordinarily unlikely to affect most of you as long as your systems are up-to-date. Microsoft released a patch back in March that fixes the security flaw this ransomware takes advantage of, so if your PCs have the latest Windows security updates and patches you shouldn’t be affected even if you were exposed.
Ransomware has been circulating widely for several years now, and will likely continue to be an issue for the foreseeable future in one form or another, so there are a few things you should consider with regards to this issue, and others like it.
- Making sure your PCs and servers have the latest security patches. This is critical – if you aren’t sure this is happening, please let me know so we can verify.
- Downloading attachments is hugely problematic – most viruses and ransomware are spread through attachments at this point. If you are not expecting an attachment don’t open it, even if it is from someone you know – they may have been infected and their PC may be sending out viruses without their knowledge. If you aren’t sure but think it may be something you want, give the sender a quick call and verify that they intended to send you something. Also, consider sending files using a file sharing service like Dropbox or Sharefile rather than sending as attachments. These services are much more secure.
- Good antivirus and spam filtering can dramatically reduce the risk of these types of issues – nothing offers perfect protection, but making sure you have up-to-date, quality virus protection greatly reduces your risks and an offsite spam filter can stop most viruses before you download them in the first place.
- Have an offsite backup. If you don’t already, consider a cloud backup service like Carbonite. If you do get infected, ransomware can encrypt your backup drive(s) as well as your actual PC and server, rendering your backups useless. It is critical to have an offsite backup. I like Carbonite because it’s secure, HIPAA compliant, and runs automatically without the hassle of a staff member having to remember to swap backup drives and make sure one gets offsite. However you are doing it though, it is absolutely critical that you have an offsite backup of your data.
That’s about it for now. Be careful out there with your downloads and attachments, and as always, please let me know if you have questions.
Homeland Security has issued a bulletin recommending that QuickTime be removed from Windows PCs. QuickTime has been confirmed to have critical security vulnerabilities, which Apple has made clear will not be fixed as they are dropping support for QuickTime.
Not sure if you have QuickTime installed? If you’ve installed iTunes, you probably do, as QuickTime was often bundled with iTunes installations and updates. An example of the logo is above.
Because of the high profile of this security vulnerability and the lack of support for the product, I would suggest you do go ahead and uninstall QuickTime. You can do this through Add/Remove Programs; and as usual, if you have any questions or problems removing it please let me know, and I will be happy to assist.
*** Update ***
There is one caveat for folks who use Adobe’s Creative Cloud products to edit videos: apparently, there are some codecs that remain dependent on QuickTime being installed. If you are using Creative Cloud to edit videos, this may be an important consideration. You may want to weigh the pros and cons of removing it if this is your situation, or do your design work on a Mac for the time being.
A more detailed and in-depth discussion of the vulnerabilities and consequences can be found here if you are interested.
For the first time, Apple confirmed over the weekend that Macs have been infected with a variant of one of the pernicious ransomware viruses out there. It appears that it came in through an infected copy of “Transmission,” a program that is used to transfer data on the BitTorrent peer-to-peer file sharing network.
This has been a long time coming and it should raise a flag for Mac users who have previously not felt they had much to worry about. While this time it only affects a specific sub-set of users, it proves that this type of ransomware can infect Macs. And since it truly does encrypt files, without a backup the only options are to pay the ransom or lose your files.
The same rules apply to Mac users as all the PC users out there – offsite backups are the way to go. You should always have an offsite backup, ideally one that you rotate throughout the week, to ensure that if you are infected you can roll back to previous versions of your files.
Additional details here and here if you are interested in further reading.
As always, feel free to call if you have questions.
Ransomware like Cryptolocker has been the bane of my existence for a while, and a new variant called Locky is beginning to make its presence known. Like all ransomware, it encrypts the files on your computer and once this has been completed, a message pops up informing you that you need to pay a ransom in Bitcoin to retrieve your files. There isn’t a fix for any of the variants I have found so far – you have to restore from backups.
A new variant called “Locky” is starting to show up and it seems just as bad as the original. So far it appears to be spread through email attachments. Victims receive an attachment that says something like “Invoice” and appears to be a Word document, but when you open it you see what appears to be garbled text. A message on the top says you should click to “enable macro if the data coding is incorrect.”
Of course, “Enabling the macros” doesn’t actually fix the document, it installs the malware on your computer. It will encrypt any files it can find, including mapped network drives, and the only solution aside from paying the ransom is to restore a previous backup. If the malware had access to a locally attached backup that will likely be encrypted too, so you will need to have an offsite backup to actually restore.
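The Locky lure described above is an Office document that carries a VBA macro project. The script below is an added example (not from the original post) of how a mail gateway or help desk could hold such attachments for a verification call instead of trusting the file name; the sample attachments are constructed in the script, and the function names are my own.

```python
"""Flag Office attachments that carry a VBA macro project, the delivery
vehicle for Locky-style lures. Added example, not from the original post.
Modern Office files (.docx/.docm/.xlsm ...) are zip archives; a macro
project lives in word/, xl/ or ppt/vbaProject.bin. The legacy binary
format (.doc/.xls) is flagged by its OLE header, since confirming macros
there needs a full OLE parser."""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 compound file header
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole', 'office' or 'other' based on content,
    never on the file extension (a .docx name can hide a macro part)."""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"
    if data.startswith(b"PK"):  # zip container
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "other"
        if any(part in names for part in MACRO_PARTS):
            return "macro"
        if "[Content_Types].xml" in names:
            return "office"
    return "other"


def build_docx(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML container, optionally with a macro part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder bytes
    return buf.getvalue()


def triage(attachments):
    """Return (name, verdict) for attachments that should be held until the
    sender confirms by phone that they meant to send them."""
    held = []
    for name, data in attachments:
        verdict = classify_attachment(data)
        if verdict in ("macro", "legacy-ole"):
            held.append((name, verdict))
    return held


if __name__ == "__main__":
    sample = [("Invoice.docm", build_docx(True)),      # constructed lure
              ("notes.docx", build_docx(False)),       # macro-free document
              ("old.doc", OLE_MAGIC + b"\x00" * 8)]    # constructed legacy header
    for name, verdict in triage(sample):
        print(f"HOLD {name}: {verdict}")
```

A held attachment is not proof of infection; it is the cue for the quick call to the sender that the post recommends.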
I’ve had a few clients pick up this virus and it is something I dread. So far everyone that has gotten it has had an offsite backup (I think most clients do at this point) but it’s always a worry.
The bottom line is, (as always!) if you aren’t expecting an attachment from someone, just don’t open it. Even a trusted contact could send this to you if they were infected and didn’t know it, or if their email address was spoofed (faked). If you aren’t completely certain it’s a legitimate attachment, give the sender a quick call and ask if they sent something. In addition, you can always forward suspicious emails and attachments to me and I will be happy to take a look or scan them for you.
If you are interested in a little more in-depth information on Locky, you can find an excellent article from Sophos here, and as always, please feel free to call me if you have questions or suspect you may have an issue.