Ransomware is evolving and soon will share the same deadly efficiencies as notorious worms of the past, such as Conficker and SQL Slammer. In fact, according to security researchers at Cisco Talos, today’s newest ransomware, SamSam, is a harbinger of a new wave of more malicious, tenacious and costly ransomware to come. “Ransomware authors are always looking for bigger payouts and to further their reach,” said Joe Marshall, security research manager with Cisco Talos. “We believe ransomware authors are going to look to past successful campaigns when they look to cast a wider net in the future.”

CryptoWall Ransomware makes a resurgence...


Cryptowall ransomware is on the rise again after a spam wave attempting to spread the virus was uncovered by the security experts at Bitdefender. 

Hackers were said to have sent out messages to potential victims in the UK, the US, Australia and other European countries, having located their servers around the globe to spread the malware, which encrypts a person's files before demanding payment for their release.

We have been warning about the dangers of ransomware for several years now. 

Catalin Cosoi, chief security strategist at Bitdefender, said: "Interestingly, in this instance hackers have resorted to a less fashionable yet highly effective trick to automatically execute malware on a victim's machine and encrypt its contents - malicious .chm attachments."

Chm files are compiled HTML documents often used to deliver instruction manuals for software, but are susceptible to mischief because of their ability to direct users to external URLs via JavaScript code.

"Attackers began exploiting .chm files to automatically run malicious payloads once the file is accessed," Cosoi said. "It makes perfect sense: the less user interaction, the greater the chances of infection."

The crooks behind Cryptowall are thought to be targeting company networks through fake fax reports that spoof computers in the victims' domain to disguise the nature of the attack.

In the past those behind the virus have sought to spread the malware through malvertising, with the ransomware having overtaken CryptoLocker last September in terms of financial damage, according to Dell.

Since the destruction of infrastructure used to spread CryptoLocker and the associated trojan GameOver Zeus last summer, the Russo-Ukrainian gang behind the viruses is thought to have moved on to other malware, including more sophisticated bits of ransomware like Cryptowall.

**ALERT** Ransomware is on the Rise...

"I seriously just want to throw my computer out the window and forget about it completely. I am just done with it"

"We bought a Mac because everyone told us it wasn't possible to get Viruses on a Mac. Now my whole business is gone. What can I Do?" 


Ransomware on a Macbook

These are only some of the disheartening comments I have received lately as I was handed computers to repair that were infected with the latest and nastiest ransomware out there. Ransomware, a particularly troublesome type of malware, is malicious software that denies you access to your computer or files until you pay a ransom to have access restored. I have encountered three different types of ransomware: "Screen Lock" based, "MBR" based and "Encryption" based. I have removed this software from more than 20 computers since February alone, a MASSIVE increase from previous years. The first two are extremely difficult to remove, but can be dealt with and, in almost every case, your data saved. The latter, "Encryption" based, is becoming more and more common and may be one of the worst forms of malware ever. The software takes over your machine and "encrypts" or converts all your data into a specific code that requires a key to unlock. Unless you pay the person who infected the system, you will be unable to get the key to unlock your files. And a new, especially nasty virus has hit the scene, known as CryptoLocker.


CryptoLocker at work...

This software uses incredibly strong cryptography to lock all the files that you have permission to modify, INCLUDING THOSE ON EXTERNAL DRIVES connected to the machine, and NAS or Network Attached Storage devices. Once infected, it displays a ransom message demanding payment within a certain timeframe, which is normally 3-5 days from the date you were infected. Payment is always demanded in the form of an anonymous prepaid cash service like MoneyPak, Ukash, cashU, or Bitcoin. As of this writing, there are no known consumer level software tools for removing this nasty virus. The only solution has been to pay the criminals. Decryption is incredibly difficult, if not impossible, unless you have access to the private key the cybercriminals set up. If you get infected, without paying, there is a high probability you will never see your data again.
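Because encryption-based ransomware rewrites every file the victim can modify, the quickest sign of an outbreak on a share or external drive is a sudden jump in the number of files whose contents look like random bytes. The following script is an added example (it is not from this post and not a tool from any vendor named here) that estimates that by measuring Shannon entropy over the first 64 KB of each file and flagging anything above a threshold. The threshold of 7.5 bits per byte, the sample size, and the constructed demo tree of plaintext reports next to files overwritten with random data are all assumptions of the example.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed threshold: plain text sits around 4-5 bits/byte, ciphertext near 8.0.
ENTROPY_THRESHOLD = 7.5
SAMPLE_BYTES = 64 * 1024      # only the head of each file is read
MIN_FILE_BYTES = 256          # too little data gives a meaningless estimate


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input, max 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path, threshold: float = ENTROPY_THRESHOLD) -> bool:
    """True when the file head is large enough and its entropy is near-random."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    return len(head) >= MIN_FILE_BYTES and shannon_entropy(head) >= threshold


def scan_tree(root, threshold: float = ENTROPY_THRESHOLD):
    """Walk `root`; return (files examined, list of paths that look encrypted)."""
    flagged = []
    total = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                if looks_encrypted(path, threshold):
                    flagged.append(path)
                total += 1
            except OSError:
                continue      # unreadable file: skip rather than abort the scan
    return total, flagged


def encryption_ratio(root, threshold: float = ENTROPY_THRESHOLD):
    """Fraction of examined files that look encrypted, plus the flagged paths."""
    total, flagged = scan_tree(root, threshold)
    return (len(flagged) / total if total else 0.0), flagged


def build_demo_tree() -> Path:
    """Constructed sample data: 8 plaintext reports and 4 files that have been
    overwritten with random bytes to stand in for ransomware output."""
    root = Path(tempfile.mkdtemp(prefix="ransom_demo_"))
    docs = root / "documents"
    docs.mkdir()
    for i in range(8):
        (docs / f"report{i}.txt").write_text("Quarterly report, all figures nominal.\n" * 60)
    for i in range(4):
        (docs / f"photo{i}.jpg.encrypted").write_bytes(os.urandom(4096))
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    ratio, hits = encryption_ratio(demo_root)
    print(f"{len(hits)} file(s) look encrypted, ratio {ratio:.2f}")
    for hit in hits:
        print("  ", hit)
```

Run periodically against a backup target or NAS share and alert when the ratio climbs sharply between runs; an absolute threshold alone is noisy, because legitimately compressed formats (JPEG, ZIP, Office documents) also score near 8 bits per byte, so compare against a baseline taken when the share was known-good.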


Here are some tips to help: 

  • NEVER leave Your External Backup Drive hooked up to your computer when done. Backup, and when finished, Disconnect it.  
  • DO NOT open attachments in emails unless they are from close trusted family members or friends, and even then, do not open attachments EVER with the file extensions: .exe, .zip, .rar, .bat
  • Regularly back up your files. Do both local OFFLINE backups and Online Backups through services like Carbonite. If you are unfamiliar with how to perform local backups of your data, see these great tools from Acronis, Genie 9, and Rebit 5. And if you prefer, Rethink Associates provides quality backup solutions as well. Let Us do it for you!
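The attachment rule above is easy to state and hard to apply by eye, especially against the spoofed "fax report" mails mentioned earlier, which lean on double extensions such as a PDF-looking name that really ends in .exe. Below is an added example, not part of this post and not a product of any company named here, of a small mail-gateway style filter that applies the post's extension list plus .chm (the type used by the CryptoWall spam wave) and also catches double-extension and right-to-left-override tricks. The decoy-extension list and the sample filenames are constructed for the example.

```python
from pathlib import PurePosixPath

# Extensions the post says never to open, plus .chm from the CryptoWall campaign.
BLOCKED_EXTENSIONS = {".exe", ".zip", ".rar", ".bat", ".chm"}
# Assumed list of "harmless-looking" extensions used to disguise an executable,
# e.g. fax_report.pdf.exe (constructed example).
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".txt", ".jpg", ".png"}
RTL_OVERRIDE = "\u202e"   # Unicode char that visually reverses the rest of a name


def attachment_verdict(filename: str):
    """Return ("block", reason) or ("allow", reason) for one attachment name."""
    # Keep only the final path component so "..\\evil.exe" is judged as evil.exe.
    name = filename.strip().replace("\\", "/").rsplit("/", 1)[-1]
    if RTL_OVERRIDE in name:
        return ("block", "right-to-left override character hides real extension")
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    if not suffixes:
        return ("allow", "no extension")
    last = suffixes[-1]
    if last in BLOCKED_EXTENSIONS:
        if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTENSIONS:
            return ("block", f"double extension {suffixes[-2]}{last}")
        return ("block", f"blocked extension {last}")
    return ("allow", f"extension {last} not on block list")


def triage(attachments):
    """Map each attachment name to its verdict; used by the mail hook (assumed)."""
    return {name: attachment_verdict(name) for name in attachments}


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real message.
    sample = [
        "fax_report.pdf.exe",
        "manual.chm",
        "holiday.jpg",
        "invoice.PDF",
        "notes",
        "photo\u202egpj.exe",
    ]
    for name, (action, why) in triage(sample).items():
        print(f"{action:5}  {name!r}: {why}")
```

The filter deliberately judges only the last real extension, because that is what the operating system uses to decide how to open the file; whatever the name looks like in a mail client is irrelevant to that decision.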

If you become infected with any of these viruses or any others:

  • Immediately Disconnect all external drives from your system to prevent infection.
  • Disconnect your computer from the Internet, as some of these spread to other computers on the network.
  • Contact Rethink Associates so that we can help!