CryptoLocker warnings

DrDave47
Lt. Colonel
Posts: 2883
Joined: January 2nd, 2015, 12:08 am
Location: South of Anchorage, Alaska

January 20th, 2015, 12:49 am

I belong to a group of people that share information about Virus, Trojan (the electronic kind), Malware and the like alerts. Though CryptoLocker came out last fall, it's still a problem, and is even now being spread via ads on Facebook, Yahoo, and other sources. I'm providing this latest warning as an FYI. Vicky, maybe it's not such a bad idea that Facebook has locked you out, besides all the hassles it could be worse, a LOT WORSE. And this industry is just the type to attract just such an attack.

On to the latest warning. I do NOT represent the people nor recommend products discussed here, only wish to provide this info as a heads up, and to keep our guard up.

:scared:

CryptoWall 2.0

As you can tell from the name, CryptoWall 2.0 is another example of encrypting ransomware, following in the footsteps of CryptoLocker. Like CryptoLocker, CryptoWall 2.0 follows best practices in the way it encrypts the user’s data files. What that means is that the encrypted files cannot be decrypted by the user or you or me, other than by paying the ransom demanded by the producers of the malware.
The dramatic surge in CryptoWall 2.0 infections can be attributed to their latest distribution method. They are now using poisoned ads on sites such as Yahoo, AOL, and Match.com to infect networks. The web site visitors impacted by this malvertising are people who run vulnerable versions of Adobe Flash Player.
Stu Sjouwerman, of KnowBe4.com, wrote a blog post on the subject that lays it out very nicely. He, in turn, quotes from a blog post by ProofPoint that goes into much greater detail on the exploit. Stu’s post is here: http://blog.knowbe4.com/bid/398952/Ad-b ... sh-Victims.
To summarize, there is no good excuse for any user to suffer a significant loss of data or money as a result of a CryptoWall 2.0 infection. Some of the advice we’ve been dishing out for years still applies, so here are the highlights:

Subscribe to a cloud-based, automatic backup service. External hard drives, thumb drives, and mapped network drives will all be encrypted by any of these ransomware programs; only a cloud-based backup service is beyond their reach.
Use a commercial (paid) Internet Security Suite, keep the definitions up to date, and perform a full scan daily.
Add secondary protection against encrypting ransomware, such as CryptoPrevent.
Apply all Windows Updates automatically, as soon as they are released.
Keep Adobe Flash, Air, Reader, and Shockwave updated at all times; ditto for Java, QuickTime, RealPlayer, and other ancillary programs.
Be suspicious of any links in e-mails, even those to apparently legitimate sites.
Be especially leery of opening any attachment, especially from alleged shippers (UPS, FedEx, DHL, or USPS).

With these precautions in place, it is unlikely the user will fall victim to an encrypting ransomware attack. And if they do, you can easily restore their unencrypted files from the cloud-based backup you have set up for them.

- Ken Dwight "The Virus Doctor"

DrDave47
:crash: