Those of you who watched Carte Blanche on Sunday night [23 August 2015] will have been reminded about the severity of the rapidly spreading data encryption calamity currently doing the global rounds - but which is particularly pervasive in South Africa [a known gullible target]. Let us talk about what to look out for, what it does and what you should do if this happens to you.
This is not a "virus" in the normal sense and so few if any anti-virus programs will detect or block it. All the third party mail and virus scanners are useless if anyone on the office network gets conned into allowing this nasty threat to break through into your systems.
What to look out for?
Currently the destructive program is being spread around by both spoofed emails [very clever ones at that] and by malicious websites.
- The spoofed emails often seem to come from someone you know well and are cleverly worded to trick you into opening an attachment, most often a ZIP file which the email says contains something you have recently asked for - or a funny joke / picture or whatever may prick your curiosity. You are off guard because you think it comes from a contact - so you open the attachment - and within seconds all the data on your device becomes encrypted and inaccessible to you or anyone else. Shortly after that it spreads throughout the office / home network and infects every other device connected by network cables or over wifi - including your servers and their data.
- The malicious websites often spoof familiar websites and so look like the real deal [say a bank website - or more likely the popular free music or picture download websites, porn sites, joke sites, quotation sites etc]. You are tricked into taking a download link - and boom your device becomes infected.
What is does?
It exploits a legitimate process available to anyone on almost any device - the ability to encrypt your data so no one else can make sense of it. This is fine if you encrypt it yourself under the device's setup as you will have the encryption key to unlock and access the data. However, if someone else encrypts your data and keeps the unlock key - you have no way of unlocking the data without the key. They then demand a ransom to provide you with the key and if they don't get paid in time they destroy the key and your data is gone forever. Worst of all - they get to encrypt your backups as well if they are not entirely off-site and unattached to the network. Most backup systems are attached all the time for regular backups and restores!
What to do if you think your device has been affected?
IMMEDIATELY switch your device off and if connected by a network cable - remove it from its socket and call for help. Your device will have to be rebuilt from scratch using special and time consuming procedures. If a server is affected the impact will be on everyone in your office - and the time to rebuild will be considerably longer!
Please take heed of this warning - the threat to any firm is huge and the losses will be considerable.
Editor: Thanks for the heads-up John, this is a reality and just because people are not publishing their own Ransomware nightmares does not mean these are not happening. Speak to any IT service providers and they will confirm that these attacks are real.