Post by Omen on Mar 4, 2015 17:51:57 GMT -5
Crypto Virus Alert
Please be aware, there is an updated Crypto Virus infecting computers everywhere. It is considered Ransomware, and it is almost impossible to recover from. I have encountered it three times so far, and only one of the companies infected with it recovered, by rebuilding their network from backups.
The Crypto Virus encrypts your files and then requires a ransom of $500 USD in Bitcoins in order to get a decrypter. Some persons may have experienced the effects of this virus and the impact it has on their organization. It does encrypt your files; it's not a fake warning or a joke. Once it is opened, it connects to all attached drives (USB, external HDDs, network drives, etc.) and embeds itself into them while encrypting those files also. If the computer is rebooted, it begins to delete all Shadow Copies/Volumes of their data to block recovery.
The delivery is clever and very malicious:
• They attach it to unsuspecting customer-support-related emails from FedEx, UPS, DHS, etc. When opened, the attachment will infect the computer.
• It comes in via a bogus eFax email. If you don't have an eFax, delete all eFax emails, as they are fake.
• It uses exploit kits located on hacked websites which exploit security vulnerabilities on your computer to install the infection.
• Through Trojans which pretend to be programs required to view online videos.
You should NOT open any attachment you are not 100% confident is safe or click any unexpected or suspicious links sent to you from others. These messages should be deleted immediately if received.
What happens if you become infected with Crypto Virus?
When the infection becomes active on your computer, it scans your local and networked drives for documents, pictures, and other commonly used file types. It encrypts the files with a mix of RSA & AES encryption and hides the key.
The only current solution after becoming infected is to restore your files from a backup, Windows System Restore, or through Shadow Volume copies.
How do I prevent infection?
Unfortunately, this attack eludes many antivirus applications, because encryption is a normal function on a computer. It eludes SPAM filters, because it is dependent on the user to activate it once it has made it through the system. It is very difficult to stop and depends on users as the last line of defense.
When in doubt, please be safe and delete suspicious emails. Call the sender if you think it may have been something legitimate that requires your attention.
The current list of known CryptoLocker email subjects includes:
USPS - Your package is available for pickup ( Parcel 173145820507 )
USPS - Missed package delivery ("USPS Express Services" <service-notification@usps.com >)
USPS - Missed package delivery
FW: Invoice <random number>
ADP payroll: Account Charge Alert
ACH Notification ("ADP Payroll" <*@adp.com>)
ADP Reference #09903824430
Payroll Received by Intuit
Important - attached form
FW: Last Month Remit
McAfee Always On Protection Reactivation
Scanned Image from a Xerox WorkCentre
Scan from a Xerox WorkCentre
scanned from Xerox
Annual Form - Authorization to Use Privately Owned Vehicle on State Business
Fwd: IMG01041_6706015_m.zip
My resume
New Voicemail Message
Voice Message from Unknown (675-685-3476)
Voice Message from Unknown Caller (344-846-4458)
Important - New Outlook Settings
Scan Data
FW: Payment Advice - Advice Ref:[GB293037313703] / ACH credits / Customer Ref:[pay run 14/11/13]
Payment Advice - Advice Ref:[GB2198767]
New contract agreement.
Important Notice - Incoming Money Transfer
Notice of underreported income
Notice of unreported income - Last months reports
Payment Overdue - Please respond
FW: Check copy
Payroll Invoice
USBANK
Corporate eFax message from "random phone #" - 8 pages (random phone # & number of pages)
past due invoices
FW: Case FH74D23GST58NQS
Symantec Endpoint Protection: Important System Update - requires immediate action
-Omen
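The subject list above is the kind of thing that only helps if it is turned into a filter. Below is an added example (editor's code, not part of Omen's post) that triages a message by its subject and attachment names: the quoted subjects are generalised into regexes (the parcel, reference and phone numbers become digit classes, which is an assumption about how the campaign varied them), forward/reply prefixes are stripped first, and attachments are checked for executables, double extensions and archives. A matching subject on its own is only flagged for review; a payload-style attachment, an eFax notice at an organisation that has no eFax service, or a lure subject combined with any attachment signal is quarantined. The sample messages at the bottom are constructed for the demonstration, not real captures.

```python
"""Triage incoming mail against the CryptoLocker lures listed in the post."""
import re
from dataclasses import dataclass, field

# Subjects quoted in the post, generalised to regexes. Turning the specific
# numbers into \d+ classes is an assumption on the editor's part.
LURE_SUBJECTS = [
    r"USPS - Your package is available for pickup \( Parcel \d+ \)",
    r"USPS - Missed package delivery",
    r"Invoice \d+",
    r"ADP payroll: Account Charge Alert",
    r"ACH Notification",
    r"ADP Reference #\d+",
    r"Payroll Received by Intuit",
    r"Important - attached form",
    r"Last Month Remit",
    r"McAfee Always On Protection Reactivation",
    r"Scan(ned Image)? from a Xerox WorkCentre",
    r"scanned from Xerox",
    r"Annual Form - Authorization to Use Privately Owned Vehicle on State Business",
    r"IMG\d+_\d+_m\.zip",
    r"My resume",
    r"New Voicemail Message",
    r"Voice Message from Unknown( Caller)? \(\d{3}-\d{3}-\d{4}\)",
    r"Important - New Outlook Settings",
    r"Scan Data",
    r"Payment Advice - Advice Ref:\[GB\d+\].*",
    r"New contract agreement\.?",
    r"Important Notice - Incoming Money Transfer",
    r"Notice of un(der)?reported income.*",
    r"Payment Overdue - Please respond",
    r"Check copy",
    r"Payroll Invoice",
    r"USBANK",
    r'Corporate eFax message from "?[-\d() ]+"? - \d+ pages',
    r"past due invoices",
    r"Case (?=[A-Z0-9]*\d)[A-Z0-9]{8,}",  # reference must contain a digit
    r"Symantec Endpoint Protection: Important System Update - requires immediate action",
]
_LURES = [re.compile(p, re.IGNORECASE) for p in LURE_SUBJECTS]

# Reply/forward prefixes to strip before matching ("FW: Invoice 48211").
_PREFIX = re.compile(r"^(?:(?:fw|fwd|re)\s*:\s*)+", re.IGNORECASE)

# Attachment names that are a payload rather than a document: executables and
# script hosts, double extensions ("Invoice.pdf.exe"), and archives, which the
# lures used to carry the executable and which therefore deserve inspection.
_EXEC_EXT = re.compile(r"\.(exe|scr|com|pif|bat|cmd|js|vbs|jar)$", re.IGNORECASE)
_DOUBLE_EXT = re.compile(r"\.(pdf|doc|docx|xls|xlsx|jpg|png|txt)\.[a-z]{2,4}$", re.IGNORECASE)
_ARCHIVE_EXT = re.compile(r"\.(zip|rar|7z|cab)$", re.IGNORECASE)


def normalise_subject(subject: str) -> str:
    """Collapse whitespace and strip FW:/Fwd:/RE: prefixes so lures match."""
    s = " ".join(subject.split())
    return _PREFIX.sub("", s).strip()


def match_lure(subject: str):
    """Return the lure pattern the subject matches in full, or None."""
    s = normalise_subject(subject)
    for rx in _LURES:
        if rx.fullmatch(s):
            return rx.pattern
    return None


@dataclass
class Verdict:
    quarantine: bool
    reasons: list = field(default_factory=list)


def triage(subject: str, attachments, org_uses_efax: bool = False) -> Verdict:
    """Score one message: reasons are collected, then the quarantine rule applied."""
    reasons = []
    lure = match_lure(subject)
    if lure:
        reasons.append(f"subject matches known lure: {lure}")
    if not org_uses_efax and "efax" in subject.lower():
        reasons.append("eFax notice but the organisation has no eFax service")
    for name in attachments:
        if _DOUBLE_EXT.search(name):
            reasons.append(f"double-extension attachment: {name}")
        elif _EXEC_EXT.search(name):
            reasons.append(f"executable attachment: {name}")
        elif _ARCHIVE_EXT.search(name):
            reasons.append(f"archive attachment (inspect contents): {name}")
    payload = any(r.startswith(("double", "executable")) for r in reasons)
    efax = any(r.startswith("eFax") for r in reasons)
    quarantine = payload or efax or (lure is not None and len(reasons) >= 2)
    return Verdict(quarantine, reasons)


# Constructed sample messages (subject, attachment names), not real captures.
SAMPLE_MAIL = [
    ("FW: Invoice 48211", ["Invoice_48211.pdf.exe"]),
    ('Corporate eFax message from "(555) 212-0199" - 8 pages', ["eFax_0199.zip"]),
    ("Voice Message from Unknown Caller (344-846-4458)", ["VoiceMessage.wav"]),
    ("Re: lunch on Friday?", []),
    ("Quarterly report", ["Q1_report.xlsx"]),
]


def run_samples():
    """Triage every sample and return {subject: Verdict}."""
    return {subj: triage(subj, atts) for subj, atts in SAMPLE_MAIL}


if __name__ == "__main__":
    for subj, v in run_samples().items():
        print("QUARANTINE" if v.quarantine else "ok        ", subj, v.reasons)
```

Two caveats a mail administrator would want: the post's own list shows lures sent from the real service domain (`service-notification@usps.com`), so a From-domain check is deliberately absent here because it would pass those messages, and a subject-only match stays a review flag rather than a quarantine because "FW: Invoice 48211" is also what a legitimate forwarded invoice looks like.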