Ransomware is evolving and soon will share the same deadly efficiencies as notorious worms of the past, such as Conficker and SQL Slammer. In fact, according to security researchers at Cisco Talos, today’s newest ransomware, SamSam, is a harbinger of a new wave of more malicious, tenacious and costly ransomware to come. “Ransomware authors are always looking for bigger payouts and to further their reach,” said Joe Marshall, security research manager with Cisco Talos. “We believe ransomware authors are going to look to past successful campaigns when they look to cast a wider net in the future.”

Not Safe Anywhere: Jigsaw ransomware deletes more files the longer you delay paying

Not Safe Anywhere: Jigsaw ransomware deletes more files the longer you delay paying

Malware researchers have released a tool that can decrypt files affected by the new threat

Understanding how to buy bitcoins and pay ransomware authors for decryption keys is hard enough, yet some cybercriminals now expect their victims to do it in under an hour if they want all of their files back.

A new ransomware program dubbed Jigsaw encrypts users' files and then begins to progressively delete them until the victim pays the equivalent of $150 in Bitcoin cryptocurrency.

**ALERT** Ransomware is on the Rise...

 "I seriously just want to throw my computer out the window and forget about it completely. I am just done with it"

"We bought a Mac because everyone told us it wasn't possible to get Viruses on a Mac. Now my whole business is gone. What can I Do?" 


Ransomware on a Macbook

These are only some of the disheartening comments I have received lately as I was handed computers to repair that were infected with the latest and nastiest ransomware out there. Ransomware, a particularly troublesome type of malware, is a malicious software that denies you access to your computer or files until you pay a ransom to have access restored. I have encountered three different types of ransomware, "Screen Lock" based, "MBR" Based and "Encryption" based. I have removed this software from more than 20 computers since February alone. A MASSIVE increase from previous years.  Both of the first two are extremely difficult to remove, but can be dealt with and in most every case, your data saved. The latter however, "Encryption" based is becoming more and more common and may be one of the worst forms of malware ever. The software takes over your machine, and "encrypts" or converts all your data into a specific code that requires a key to unlock. Unless you pay person who infected the system, you will be unable to get the code to unlock your files. And a new, especially nasty virus has hit the scene, known as CryptLocker.


CryptLocker at work...

This software uses incredibly strong cryptography to lock all your files that you have permission to modify, INCLUDING THOSE ON EXTERNAL DRIVES connected to the machine, and NAS or Network Attached Storage devices. Once infected, it displays a random message demanding payment withing a certain timeframe, which is normally 3-5 days from the date you were infected. Payment is always demanded in the form of an anonymous prepaid cash service like MoneyPak, Ukash, cashU, or Bitcoin. As of this writing, there are no known consumer level software tools for removing this nasty virus. The only solution has been to pay the criminals. Decryption is incredibly difficult, if not impossible, unless you have access to the private key the cybercriminals set up. If you get infected, without paying, there is a high probability you will never see your data again. 


Here are some tips to help: 

  • NEVER leave Your External Backup Drive hooked up to your computer when done. Backup, and when finished, Disconnect it.  
  • DO NOT open attachments in emails unless they are from close trusted family members or friends, and even then, do not open attachments EVER with the file extensions: .exe, .zip, .rar, .bat
  • Regularly back up your files. Do both local OFFLINE backups and Online Backups through services like Carbonite. If you are unfamiliar with how to perform local backups of your data, see these great tools from Acronis, Genie 9, and Rebit 5. And if you prefer, Rethink Associates provides quality backup solutions as well. Let Us do it for you!

If you become infected with any of these viruses or any others:

  • Immediately Disconnect all external drives from your system to prevent infection.
  • Disconnect you computer from the Internet, as some of these spread to other computers on the network.  
  • Contact Rethink Associates so that we can help!