For a change, this article has nothing to do with scaffolding. Based on Scaffolding Software’s extensive experience, we were compelled to write this article to help the general public understand the dangers of poor security against what we believe to be worst type of computer virus of all time.
Infection
In Australia this virus usually arrives within EMAIL as an ATTACHMENT, pretending to be from a trusted source like:
- energy company
- tax department
- telecommunications company, or even
- government agency, eg. Australia Post concerning a failed parcel delivery to you.
CRYPTOLOCKER often disguises itself as PDF or. DOCX but may alternatively have a .VB filename extension (Visual Basic – a programming language and a sure sign of WARNING, if found in an email). Sometimes the attachment will be a ZIP file, containing another file with the virus.
Figure 1: Above shows sample virus in attachment
A variant of the virus requires the user to enter a CAPTCHA code first, suggesting it has secure and authentic information to give you.
Another pathway for the virus is via your network if it is exposed to the outside world via Remote desktop or Terminal services.
Peter from Scaffolding Software says: ‘If your network is exposed with a very common password, such as “welcome” or “password” it can become infected in as little as five minutes’.
How it works
OPENING the email ATTACHMENT will activate the virus. In its most common form, this means all your files on your hard drive become encrypted. More sophisticated variants are capable of finding network drives and encrypting all files on those as well.
If you attempt to open an encrypted file then gobbledegook may be displayed. Alternatively, the file might not open up at all.
Usually only certain data file types are affected, eg. Office, OpenDocument or CAD files.
SOLUTIONS
BACK UP YOUR DATA
…safely and securely. This is the best possible insurance policy for you and your company. It protects against viruses, system crashes causing loss of data and simple mistakes. Backups need to be done frequently and then disconnected from your PC and network. There should always be at least one backup kept offsite, i.e. on the Cloud or at another office.
If you have a recent safe backup, you can recover from any attack.
When was the last time you backed up your iRent® data?. . . Provide a guard against data loss and make sure you have a recent off site backup.
STAY ALERT
As they say: “Prevention is better than cure”.
The virus takes advantage of Windows’ default behaviour to hide file types from the user. You might want to change it so they are shown, allowing nasty EXE files to be weeded out. Also, keep your ear to the ground at all times, regarding current information out there in the media to do with scams, viruses and frauds.
Being a piece of software, the key to Cryptolocker’s malicious success is the requirement for YOU to open/run it, obviously by accident. Prevention, therefore, means: NEVER OPEN ATTACHMENTS WITHOUT PROPER SCRUTINY.
- Check the sender’s email address. Is it legitimate?
- Does this person/organisation send information by email? Most banks, for example, do not.
- Cross-check. It only takes a few seconds to type some useful words into a search engine, perhaps taken directly from the email or attachment file name. This could save the day.
You might be dealing with a CLONE virus of Cryptolocker that uses a different name but performs essentially in a similar way.
RELIABLE SECURITY SOFTWARE
Make sure it’s from a reputable supplier and KEEP IT UPDATED!
Although your scanner can be set to check files automatically, it never hurts to double-check; for example, right-click the item and choose to do a scan yourself immediately before opening it.
Anti-virus software has, generally, improved its protection against Cryptolocker over time. A big negative is that such software needs to do a lot of work in the background, potentially degrading the performance of your PC. Many people turn off aspect of the scanner to speed things up or, worse, choose to go without a current virus scanner.
Not all security software can detect all threats or this might happen only after the encryption has started.
Figure 2: Above shows very recent email containing the Cryptolocker virus
PAYING THE RANSOM
If your system becomes infected and your own backups were insufficient, there may be no solution except to consider pay the ransom.
The police will urge you not to do this. There is NO GUARANTEE that payment will allow you to regain control of your files. Besides, it only encourages more of the same.
Payment usually via bitcoin. At rates as high as 1 bitcoin, this could equate to over $6000 USD.
If the culpritis an “honest” criminal then a decryption key will be provided, allowing you to get your data back.
Rick from Scaffolding Software says: ‘Some of our clients paid the ransom and a few different decryption keys were provided to allow them to get their files back’.
ALWAYS TAKE PRECAUTIONS immediately after paying any ransom. Despite the time and effort required, you would not want the same thing to happen again soon after.
If you want to be a good community member, consider helping out others by posting some info about what happened, in a useful place on the Internet.
By Shane Fincke and Richard Muratti.
February , 2019