Earlier this year, I wrote about what was then the newest and most widespread malware infecting computers worldwide, known as CryptoLocker. At the time I referred to it as “Game-Changing Malware.”
There have been quite a few developments along these lines since then, and this type of malware has become one of the most destructive threats of all time. Most of these developments have been of what we would have to consider a negative variety, but there is also a ray of good news thrown in for some victims of a CryptoLocker infection. First, here is a review of the evolution of encrypting ransomware over the past 10 months.
Evolution of encrypting ransomware, September, 2013 – August, 2014
Just about the time the original CryptoLocker was starting to make a significant impact (and a lot of money for its authors), a variation appeared that looked very much like the original. The infection methods were the same, the encryption was apparently done in the same way, and the message that showed up on the infected computer was almost identical to the original. There were only two obvious differences.
The original CryptoLocker initially set a price of $100 for the decryption key; this imitator demanded $300. But by that time the original authors had also raised their price to the same $300. The original gave the victim two options for paying the ransom – either a MoneyPak non-refundable debit card or payment in Bitcoin; the imitator would only accept payment via Bitcoin.
But on further analysis, several anti-virus vendors determined that this imitator was most likely produced by a totally different programmer or, more likely, programming team. They discovered that it was written in a different programming language from the original, and many other differences became apparent upon disassembly of the program and comparison to the original.
Since then, at least 6 similar programs have been released into the wild with a CryptoLocker-type payload. These are known generically as encrypting ransomware, and they continue to spread and evolve into even more sophisticated threats. Most of these variants are obviously different programs, produced by different programming groups, each with its own twist on the distribution, the payment amount and payment mechanism, and the message that is displayed after the user’s data files have been encrypted.
Important virus phone scam information
The fraudulent caller informs you they have detected a virus on your computer and asks you for personal information and a form of payment to assist you with removal. They also may try to lead you to let them connect to your computer remotely.
D.M. Web & Computer Support reports that these calls are still coming in daily to our customers in Georgia.
This is a dangerous hoax
We have received reports that consumers have been contacted by a company representing themselves as Microsoft or various other computer brands. Microsoft does not make unsolicited phone calls to fix your computer. Do not provide any personal information or payment methods. Hang up.
I am seeing a few cases of the Virut virus on customers’ computers brought into my shop for virus removal. Virut is one of the most destructive viruses. This virus attacks executable files (programs) on your Windows computer any time they are accessed. This causes massive infection of your programs and the operating system. This virus infects USB hard drives and USB flash drives as soon as you insert them into an infected computer. Be careful sharing USB media with friends or re-introducing the virus to your computer after a repair. I always caution my customers about this fact when I perform virus removal for them.
Virut Virus Description
Virut is a polymorphic file infector with some additional features. It spreads all around the drive and infects even files previously infected by another virus. The only symptoms are strange HDD activity while it is infecting, and also unwanted TCP traffic. Virut tries to connect to an IRC network under the user name “Virtu” and take control of your computer to do harm. Unfortunately, cleaning this virus is very difficult or almost impossible.
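Because a file infector changes the programs already on disk, the practical way to find out which binaries were touched is a hash baseline recorded from a known-clean machine and compared later. The script below is an added example written for this page, not a tool from the original post: it hashes every file with a program-like suffix (the suffix list is an assumption), saves the baseline as JSON, and reports which programs were modified, added or removed. The demo files it creates in a temporary directory are constructed stubs, not real executables.

```python
"""Added example: detecting tampered program files with a SHA-256 baseline.

Illustrative code written for this page, not a tool from the original post.
The baseline should be taken from a known-clean system and stored off-box.
"""
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, List

# Suffixes treated as programs for this example (an assumption; extend as needed).
EXEC_SUFFIXES = {".exe", ".dll", ".scr", ".sys", ".com"}


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of a file, streamed so large binaries need little memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> Dict[str, dict]:
    """Record digest and size of every program under root, keyed by relative path."""
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in EXEC_SUFFIXES:
            rel = path.relative_to(root).as_posix()
            baseline[rel] = {"sha256": sha256_of(path), "size": path.stat().st_size}
    return baseline


def compare(baseline: Dict[str, dict], current: Dict[str, dict]) -> Dict[str, List[str]]:
    """Report programs whose content changed, plus programs added or removed."""
    modified = [p for p in baseline
                if p in current and baseline[p]["sha256"] != current[p]["sha256"]]
    return {
        "modified": sorted(modified),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def save_baseline(baseline: Dict[str, dict], path: Path) -> None:
    """Persist the baseline; in practice keep this copy off the machine being checked."""
    path.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: Path) -> Dict[str, dict]:
    """Read a baseline written by save_baseline()."""
    return json.loads(path.read_text())


def run_demo() -> Dict[str, List[str]]:
    """Build a baseline over constructed stub files, alter them, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        # Constructed stand-ins for programs; "MZ" is only a label here.
        (root / "bin" / "app.exe").write_bytes(b"MZ" + b"\x00" * 512)
        (root / "bin" / "helper.dll").write_bytes(b"MZ" + b"\x01" * 256)
        (root / "readme.txt").write_bytes(b"not a program, so never hashed")
        save_baseline(build_baseline(root), root / "baseline.json")

        # Reproduce the on-disk effects an infection leaves behind: one program
        # grows because bytes were appended, a new program file appears, and one
        # disappears. Nothing here executes anything.
        with (root / "bin" / "app.exe").open("ab") as fh:
            fh.write(b"\xcc" * 64)
        (root / "bin" / "dropper.scr").write_bytes(b"MZ" + b"\x02" * 128)
        (root / "bin" / "helper.dll").unlink()

        return compare(load_baseline(root / "baseline.json"), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

On a real machine you would run `build_baseline()` over the Windows and Program Files directories right after a clean install, keep the JSON on removable or read-only media, and re-run the comparison whenever the HDD activity or unexpected TCP traffic described above shows up; a long "modified" list across unrelated programs is the signature of a file infector rather than a normal update.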
You know what the most amazing part about Heartbleed is? It was around for two years before any news came out about it.
And it also affected about 2/3 of all internet servers. Doesn’t it seem amazing that something like this could happen on the internet of 2014? It just goes to show you that anything can happen in the technological world.
Besides Heartbleed, let’s take a look at some of the most destructive viruses in the history of the internet and see how you can protect yourself from having something like them attack you in the future. Below are the Top 5 Viruses and How They Have Impacted Data Security:
- Cryptolocker (2013): This virus is one of those in a newer category called “ransomware.” These viruses literally seize control of your PC, and force you to pay a ransom to get the use of it back. If you don’t do it within the specified time period, you permanently lose access to all data on the affected PC. Researchers believe it’s literally impossible to remove the Cryptolocker virus by any means other than paying the ransom once you are affected.
- Stuxnet (2009): This was the first virus actually intended to cause damage in the real world. It attacked software that controlled industrial systems. It was designed to wreak havoc in Iran’s uranium enrichment program. It successfully caused some centrifuges to spin out of control.
- Conficker Virus (2009): This virus infected millions of computers, causing the criminals to be able to steal private information, including financial data. It was so sophisticated that it was difficult to stop once in place.
- Agent.btz (2008): A lot of good actually came out of this one. The good that happened was the US Cyber Command was created to stop cybercrime threats. The bad in this whole situation was it allowed the creator of the virus to transfer information to computers under someone else’s control. It’s unclear whether or not this was done by foreign cyber criminals, but that is the prevailing belief.
- Zeus (2007): Though it didn’t attack on the scale of other viruses, Zeus nonetheless was very damaging. It was the basic tool cyber criminals used to steal passwords and other confidential information.
How to Strengthen your Data Protection
To protect yourself from these viruses, or any others, you have to pay attention to the same old basics of internet safety:
- Use antivirus/antimalware software at all times.
- Never open an e-mail attachment or click on a link from an e-mail address you don’t recognize.
- If you get a strange e-mail message from someone you know, don’t click the link or the attachment. Assume the account has been hacked and the e-mail sent to you without permission from the real owner of the account.
- Never visit websites you don’t trust.
- Use a firewall.
- Keep your PC and servers fully updated.
Cyber criminals move fast. It’s tough to keep up, even if you are an IT pro. If you can’t take care of all of this, you can always hire a managed network services provider to take care of your data security and protection for you. Couple that with a remote monitoring tool to trigger alerts on hardware failures and vulnerabilities, and you won’t have to worry about being a victim.
Symantec just released a highly in-depth report about the state of the antivirus industry, and frankly I find it fascinating. Here are a few tidbits:
- Shaoxing, China was malware capital of the world last month.
- According to the company’s research, nearly 30 percent of all malicious attacks came from China.
- The most common file types attached to all malicious emails were .XLS and .DOC.
- The most dangerous file type was encrypted .RAR files.
- .XLS and .DOC each accounted for 15.4 percent of file attachments.
- The top four most common file types (.XLS, .DOC, .ZIP and .PDF) accounted for 50 percent of attached files.
- Despite being just 0.32 percent of attached files, .RAR files were compromised 96.8 percent of the time.
- .EXE files were compromised just 15 percent of the time.
- At 95.7 percent, Hungary was the most spammed country in March 2010.
- At 1 in 90.9 emails, Taiwan was the most targeted country for email-borne malware in March.
- At 1 in 254.8 e-mails, Britain was the most active country for phishing attacks in March.
Cryptolocker has been rearing its ugly head lately and it is probably one of the worst viruses out there because it hijacks your data with encryption and then charges you $400 to remove the encryption.
Some antivirus programs are powerless to stop this infection. In most cases, infections seem to be caused by viruses embedded in email links or attachments. As always, please be careful when opening email, even if it is seemingly sent from one of your contacts. It is always best to write the person directly and ask them if they intended to send you the email before opening it. Learn to recognize the signs of fake emails (misspellings, weird capitalization, strange grammar, etc.).
Let us know if you have any questions.
Ransomware is a type of malware that tries to extort money from you. CryptoLocker encrypts your files and forces you to pay hundreds of dollars to regain access to them. Malware is no longer created by teenagers; current malware is produced by organized crime.
Earlier ransomware was more up-front, hooking deep into your system, but it could usually be bypassed with malware removal tools or simply by reinstalling Windows.
Unfortunately, ransomware is becoming more and more sophisticated. The latest example, CryptoLocker, starts encrypting your personal files as soon as it gains access to your system, preventing access to the files without knowing the encryption key. CryptoLocker then displays a message informing you that your files have been locked with encryption and that you have just a few days to pay up. If you pay them $300, they’ll hand you the encryption key and you can recover your files. You can never be sure that the criminals will keep their end of the deal.
This type of malware is another good example of why backups are essential. You should regularly back up files to an external hard drive or a remote file storage server. If all your copies of your files are on your computer, malware that infects your computer could encrypt them all and restrict access or even delete them entirely.
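Files that CryptoLocker has rewritten as ciphertext no longer look like documents: their bytes are close to uniformly random. The script below is an added example written for this page, not code from the original post; it measures Shannon entropy per file and raises an alert when a large share of a folder's documents suddenly scores near 8 bits per byte, which is how a backup job or monitoring task can notice that the copies it is about to take are already encrypted. The thresholds and the in-memory sample "files" are constructed for the demo.

```python
"""Added example: spotting ransomware-encrypted documents by byte entropy.

Illustrative code written for this page, not a tool from the original post.
Caveat: compressed formats (zip, jpeg, docx) also score high, so a single hit
is a lead to investigate; a whole folder flipping to high entropy is the signal.
"""
import math
import random
from collections import Counter
from typing import Dict

HIGH_ENTROPY = 7.5   # bits per byte; genuine ciphertext sits close to 8.0 (assumed threshold)
ALERT_RATIO = 0.5    # alert when at least half of a folder's documents look encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = HIGH_ENTROPY) -> bool:
    """True when the byte distribution is nearly uniform."""
    return shannon_entropy(data) >= threshold


def assess_folder(files: Dict[str, bytes]) -> dict:
    """Score every file and decide whether the folder as a whole looks encrypted."""
    scores = {name: round(shannon_entropy(data), 2) for name, data in files.items()}
    flagged = sorted(name for name, data in files.items() if looks_encrypted(data))
    ratio = len(flagged) / len(files) if files else 0.0
    return {"scores": scores, "flagged": flagged, "ratio": ratio,
            "alert": ratio >= ALERT_RATIO}


def constructed_samples() -> Dict[str, Dict[str, bytes]]:
    """Constructed stand-ins for a documents folder before and after an attack.

    The 'after' files are deterministic pseudo-random bytes standing in for
    ciphertext; no real encryption is performed.
    """
    rng = random.Random(2013)
    prose = ("Quarterly report: revenue grew in every region. " * 80).encode()
    ledger = ("date,amount,customer\n" + "2014-08-01,120.50,ACME Inc\n" * 200).encode()
    random_bytes = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    return {
        "before": {"report.txt": prose, "ledger.csv": ledger},
        "after": {"report.txt.encrypted": random_bytes(4096),
                  "ledger.csv.encrypted": random_bytes(4096)},
    }


if __name__ == "__main__":
    samples = constructed_samples()
    for label in ("before", "after"):
        result = assess_folder(samples[label])
        print(label, result["scores"], "alert" if result["alert"] else "ok")
```

Run this from the backup job before it overwrites the previous generation: if the folder trips the alert, stop and keep the older backup, since a copy made now would only preserve the encrypted versions. That is also the argument for keeping more than one backup generation on media that is not permanently connected to the computer.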