Recent reports indicate that a new version of the notorious malware Cryptowall, a type of ransomwware, is now upon us. First seen in 2014, Cryptowall is a variant or cousin of Cryptolocker, which first appeared in 2013. This malware can be extremely disruptive to your business flow as any computer on your network that is infected with it will have all of it’s user files (Microsoft Office, photos, etc) encrypted with a link to purchase a decryption key. In addition, the malware won’t stop with files on the infected machine: it will also encrypt any user files it finds on mapped network drives that the infected computer has access to as well. The encryption incorporated is currently considered unbreakable using existing technology so the choices are simple:
- Consider your encrypted files lost
- Pay the ransom and hope you get a decryption key
- Restore affected files from a backup copy
If you think you can simply revert back to a pre-infected version of your system, think again: reverting back to a system restore point won’t load previous (prior to being encrypted) versions of your user files. In addition, it’s likely that the malware will disable the system restore feature anyway as this is part of it’s mission — disable restore points and volume shadow copying.
“That sounds terrible!” you say. “But I’m protected because I have a good antivirus program installed.” Unfortunately, as far as malware and computer viruses are concerned, there is currently nothing that stops everything; the bad guys are constantly making changes and modifications to their systems. Think about that for a minute.
So what can you do to protect yourself and your business?
- Make sure you have good anti-virus / anti-malware software installed and up to date. No, it won’t stop everything, but it does stop a lot
- Have a good backup
- Practice good user habits – don’t open email attachments or files from someone you don’t know and if a web link is questionable, don’t click on it
If you begin seeing files on your computer that are encrypted, shut down your computer immediately and contact your IT professionals. At the very least, disconnect the infected machine from the network as quickly as possible to lesson the damage to other files on the network.