The following a warning sent by Daemon at Footprint IT to his clients. As we are aware of several people who have also been attacked recently, we thought we should share this with you! Please feel free to pass on this information and beware of all emails that have attachments.
CRYPTO VIRUS WARNING
A couple of weeks ago a client reported an infection by a crypto virus (aka “ransom-ware”). Between the time it was first seen and the infection taking hold was about 2.5 minutes. It not only encrypted every datafile on his computer, where it was opened but it also encrypted all data files on the 3 computers in his network, and missed the 4th for the simple reason that it had run out of battery and was off network.
The ransom demanded initially was about $617 in bitcoin, which of course my client had no way of getting and didn’t have a clear indication of what the bitcoin was. By the time we got to the point of having him back online the amount of money demanded was almost $2000.
The initial infection came from a “PDF” file ostensibly from Australia Post. As there had been no publicity and the client was in fact waiting for something from Australia Post, he went ahead and opened the attachment, launching the file.
It was only the fact that the notebook which he usually took home had all his “1-drive” files on it for off-line use were we able to get anything back, short of paying the ransom.
I have noticed on Gmail this morning that they are now identifying these infections and refusing to download the attachments, however that change has only come into place this morning, because when I received one yesterday, it was most certainly downloadable.
Please BE CAREFUL OF ALL ATTACHMENTS. The crypto virus has no way of being undone at this stage except by payment of the ransom.
If you do not have an off-site backup process in place, and you are a small business depending on Excel, Word and MYOB files, and use an email client on your computer, please think about setting up an online backup process, outside of Google Drive or 1 drive. It appears that dropbox may also be susceptible, but I have no external confirmation of that.
If you have any questions, of course feel free to call me or text me on 0432 121 833.