CRYPTO / RANSOMWARE is doing the rounds…
If you see the below screen, DO NOT close any programs and DO NOT shut down your computer! CALL an IT professional for help, and as a general rule DO NOT leave backup drives attached! If you are already completely encrypted, this course of action won’t “fix” anything…
For this particular attack you need to have a what-if plan ready: would you be willing to pay the ransom? If yes, then the virus needs to be able to “Call Home” to report its unlock code. If not, then the best course of action may be to literally pull the plug! As always, the best backup plan is to have adequate backups!
This new round of Crypto appears to be a scheduled attack, meaning it is set to run at a set time/date. The attacks we have seen in recent weeks ran at about 10pm. This causes 2 issues:
- We can’t trace how it is getting in, because we don’t know when it happened.
- It has not only encrypted all of the data but also everything connected to the machine, including any attached backup drives.

So let’s revisit our backup rules:
- Have more than one backup in rotation (2 is good, 3 is optimal)
- Make it someone’s job to check the backups are successful! No use just hoping.
- (This is a new one.) Check the machines aren’t already infected BEFORE changing the drive! Do it at the end of the day. A lot of receptionists will come into the office and change the backup drive on their way to make a coffee; if the machine is already infected, you have now just destroyed both backups.
Of course, this advice is general and doesn’t account for all possible configurations. If you are concerned and would like to check your vulnerability, feel free to contact our office.