Help With CryptoWall And Ransomware

Affordable, fast help with CryptoWall and ransomware infections for businesses in Fairfax, Centreville, Chantilly, Dulles, Gainesville, Herndon, Leesburg, Loudoun, Manassas, Reston, Tysons Corner, and Vienna

Network Security Solutions Fairfax, Centreville, Chantilly, Dulles and throughout Northern Virginia

CryptoWall variants, which encrypt and hold your vital systems and data for ransom, continue flexing their corrupting muscles on computers and users worldwide. CryptoWall “ransomware” first appeared in February of 2014, and by October of last year, the UK Register revealed that 830,000 victims had been infected.

Fast forward to September 2015, and McAfee Labs reports that the number of new ransomware samples is up 58% in Q2 2015, as the ransomware “business” continues to grow by holding companies’ vital data hostage.

CryptoWall and similar ransomware often enter business networks through email, like many other forms of malware. But one particularly scary aspect of ransomware is that it can also be spread via “malvertising”: we’ve seen compromised banner ads on legitimate websites like Yahoo, AOL, and MSN. The infection is transmitted via Flash, so if a user simply visits an affected website with Flash enabled in their browser, the user’s PC can be infected without the user clicking on anything malicious. This means most anti-virus programs are unable to prevent CryptoWall, leaving any computer and user vulnerable.

How does CryptoWall work?

CryptoWall works much like notorious past ransomware such as CryptoLocker: once the virus gets inside a host computer, it connects to illicit servers; uploads sensitive info like your public IP address, location, and system information; and generates a random encryption key. Using that key, it begins making encrypted copies of individual files, both on your computer and on any mapped external drives, shared networks, and cloud-based storage. Once the encrypted copies of those files are created, the originals are deleted from the hard drive, preventing users from accessing them.

How do we know if we’ve been infected?

There are two telltale signs of CryptoWall or similar ransomware infections:

  1. If you attempt to open a file and the data is jumbled or not displaying properly, and
  2. If you attempt to open a file and get something like “DECRYPT_INSTRUCTION” instead.

That file provides instructions for paying a ransom (usually $500 to $1,000) and obtaining a decryption key, which sometimes works to retrieve data and sometimes doesn’t. Even when it does, it’s a time-consuming task.

You may also notice that your computer is slower than usual while CryptoWall does its work, before you see either of the two signs above.
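
A sweep for the two signs above, as an added example that is not part of the original page: it walks a folder tree, lists any file whose name contains DECRYPT_INSTRUCTION, and flags plain-text file types whose bytes look random. The extension list, the 7.0 bits-per-byte threshold, and the sample files built in demo() are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter

NOTE_MARKER = "DECRYPT_INSTRUCTION"  # ransom-note name quoted on this page
TEXT_EXTS = {".txt", ".csv", ".log", ".xml"}  # assumption: plain-text types only
ENTROPY_LIMIT = 7.0  # assumption: bits per byte; ordinary text sits well below this


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; approaches 8.0 for encrypted data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def triage(root: str, sample_bytes: int = 65536) -> dict:
    """Walk root and report ransom notes and text files whose content looks jumbled."""
    report = {"notes": [], "jumbled": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if NOTE_MARKER in name.upper():
                report["notes"].append(path)
            elif os.path.splitext(name)[1].lower() in TEXT_EXTS:
                try:
                    with open(path, "rb") as fh:
                        sample = fh.read(sample_bytes)
                except OSError:
                    continue  # locked or unreadable: skip it, keep sweeping
                if len(sample) >= 256 and shannon_entropy(sample) > ENTROPY_LIMIT:
                    report["jumbled"].append(path)
    return report


def demo() -> dict:
    """Run triage over a constructed tree: healthy file, random-content file, note."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "minutes.txt": b"quarterly totals for the branch office\n" * 40,
            "ledger.csv": os.urandom(4096),  # stands in for an encrypted file
            "DECRYPT_INSTRUCTION.TXT": b"constructed placeholder note\n",
        }
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        found = triage(root)
        return {kind: sorted(map(os.path.basename, paths)) for kind, paths in found.items()}
```

Point triage() at a mapped drive or share to see how far the encryption has reached; compressed formats such as .docx or .pdf are left out because they look random even when healthy.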

What should we do if we suspect our systems have been infected?

Consider powering down infected devices and removing them from any networks to which they may be connected. This can help limit the damage and data loss.

Contact Us for Immediate Help

We can help limit the damage, remove the infection, and assist with data recovery. Time is critical – the sooner we can help, the less of your valuable data may be encrypted or lost for good.

What can we do to avoid infection?

  1. Have a trusted IT professional assess the security of your systems.

    Due to the slippery “malvertising” aspect of CryptoWall and its continually evolving form (funded by successful ransoms), stopping it requires more than just anti-virus and a firewall. Limiting admin rights for user PCs, applying DNS filters, implementing strict browser settings, and employing constantly updated behavioral anti-spyware can help. But these are complicated measures that most business owners don’t have the time or ability to keep up with. Only nonstop vigilance can properly address the CryptoWall threat — and that kind of 24/7 service is what an IT professional like CMIT Solutions specializes in.

  2. Update your devices – mobile, workstation, server, and network gear.

    Today, most software updates – whether for your mobile devices, desktop, laptop, server or network gear – include security improvements intended to address discovered security flaws. You can help reduce the exposure of your devices, systems, and network by installing updates for them as soon as they are made available.

  3. Implement regular, remote backups and a sound disaster recovery plan.

    Businesses should be creating comprehensive image-based off-site backups multiple times a day. If a virus like CryptoWall hits a 20-person firm at 4:00 PM, and that firm has to rely on an encrypted backup from the night before to get up and running again, those employees will lose an entire day of work. Remember, a local backup plugged into a computer will still be susceptible if CryptoWall infects your system!

  4. Do not open ANY email or attachment from ANY sender you don’t recognize.

    Although CryptoWall can be found in Flash-based “malvertising”, it can still arrive in email, so email security is still paramount. Never open attachments you aren’t expecting, even if they appear to come from legitimate-looking email accounts.

  5. Validate ANY link in ANY unfamiliar email before clicking on it.

    Malicious links arrive in spam emails — many disguised as FedEx, UPS, or USPS shipping updates — every day. Make sure you hover over all links and look for legitimate web addresses, not long strings of random characters, before clicking. All it takes is one click on one bad link by one employee to compromise the data of your entire company. Avoiding the threat of viruses like CryptoWall is possible with diligent and continuously updated security measures. But accidents can happen, which makes a strong backup solution critical to the success of your business.

  6. Implement a business-class email security/spam filtering solution to add a layer of security to your network.

    Today, most email services come with a basic spam management capability to help manage obvious spam. But dedicated, business-class email security/spam filtering solutions offer more advanced protection through improved feature sets for spam detection and handling, and also can prevent spam – and attached malware or links – from ever entering your email system and IT infrastructure. If it stays out, it can’t infect your network and encrypt your vital business data.

Want to keep your systems and data secure?

Contact us today