For the first time, Apple confirmed over the weekend that Macs have been infected with a variant of one of the pernicious ransomware viruses out there. It appears that it came in through an infected copy of “Transmission,” a program that is used to transfer data on the BitTorrent peer-to-peer file sharing network.
This has been a long time coming and it should raise a flag for Mac users who have previously not felt they had much to worry about. While it only affects a specific subset of users this time, it proves that this type of ransomware can infect Macs. And since it truly does encrypt files, without a backup the only options are to pay the ransom or lose your files.
The same rules apply to Mac users as all the PC users out there – offsite backups are the way to go. You should always have an offsite backup, ideally one that you rotate throughout the week, to ensure that if you are infected you can roll back to previous versions of your files.
Additional details here and here if you are interested in further reading.
As always, feel free to call if you have questions.
Ransomware like Cryptolocker has been the bane of my existence for a while, and a new variant called Locky is beginning to make its presence known. Like all ransomware, it encrypts the files on your computer and once this has been completed, a message pops up informing you that you need to pay a ransom in Bitcoin to retrieve your files. There isn’t a fix for any of the variants I have found so far – you have to restore from backups.
A new variant called “Locky” is starting to show up and it seems just as bad as the original. So far it appears to be spread through email attachments. Victims receive an attachment that says something like “Invoice” and appears to be a Word document, but when you open it you see what appears to be garbled text. A message on the top says you should click to “enable macro if the data coding is incorrect.”
Of course, “enabling the macros” doesn’t actually fix the document; it installs the malware on your computer. It will encrypt any files it can find, including mapped network drives, and the only solution aside from paying the ransom is to restore a previous backup. If the malware had access to a locally attached backup, that will likely be encrypted too, so you will need to have an offsite backup to actually restore.
I’ve had a few clients pick up this virus and it is something I dread. So far everyone that has gotten it has had an offsite backup (I think most clients do at this point) but it’s always a worry.
The bottom line, as always: if you aren’t expecting an attachment from someone, just don’t open it. Even a trusted contact could send this to you if they were infected and didn’t know it, or if their email address was spoofed (faked). If you aren’t completely certain it’s a legitimate attachment, give the sender a quick call and ask if they sent something. In addition, you can always forward suspicious emails and attachments to me and I will be happy to take a look or scan them for you.
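One way to pre-screen a saved or forwarded email for Word attachments that carry macros, like the “Invoice” described above, without opening them in Word. This is an added example, not from the original post; it covers both the ZIP-based Office format and the legacy format, the function names and the sample message are constructed for illustration, and the legacy-format check is a byte-pattern heuristic.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container header

def macro_indicators(data: bytes) -> list[str]:
    """Return reasons an attachment looks like a macro-bearing Office file."""
    reasons = []
    if data.startswith(OLE2_MAGIC):
        # Heuristic: OLE2 directory entries store storage names as UTF-16LE.
        if "VBA".encode("utf-16-le") in data:
            reasons.append("legacy Office file with a VBA storage")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
        # Macro-enabled OOXML files keep their VBA code in vbaProject.bin.
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            reasons.append("OOXML file containing vbaProject.bin")
    return reasons

def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Map each flagged attachment filename to its indicators."""
    msg = message_from_bytes(raw, policy=policy.default)
    flagged = {}
    for part in msg.iter_attachments():
        reasons = macro_indicators(part.get_payload(decode=True) or b"")
        if reasons:
            flagged[part.get_filename() or "(unnamed)"] = reasons
    return flagged

def _constructed_sample() -> bytes:
    """Constructed message: one macro-style and one plain attachment."""
    def ooxml(members):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for name in members:
                z.writestr(name, b"placeholder")  # inert filler, not real VBA
        return buf.getvalue()
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(ooxml(["word/document.xml", "word/vbaProject.bin"]),
                       maintype="application", subtype="octet-stream", filename="Invoice.docm")
    msg.add_attachment(ooxml(["word/document.xml"]),
                       maintype="application", subtype="octet-stream", filename="notes.docx")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(_constructed_sample()))
```

A hit means the file contains macro code, not that it is malicious; a clean result does not prove the attachment is safe.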
If you are interested in a little more in-depth information on Locky, you can find an excellent article from Sophos here, and as always, please feel free to call me if you have questions or suspect you may have an issue.