Computer Virus


The PC Support Group has issued a warning to all computer users about a type of computer virus attack which appears to be affecting an increased number of systems in recent weeks.

This relatively new type of malware is capable of bypassing anti-virus/anti-malware protection by changing its appearance, and until anti-malware software is made aware of the new ‘strain’ it isn’t able to block it.  This process can take hours from when the virus is released and as a consequence there is a window of time where systems are particularly exposed and vulnerable to attack.

The malware that appears to be particularly virulent right now is a type of virus known as “Ransomware”.  Its purpose is to encrypt as many files as it can gain access to. These files are rendered useless until either a ransom is paid (usually costing a few hundred pounds), or an IT expert can clean the virus and recover the files from backup (assuming there is a backup, and even then any changes since the last backup would be lost).

If you are on a company network and have a high level of access privileges to shared files and folders, then the damage can extend far beyond your own files and potentially infect all the files throughout the business.

The best case scenario is that a lot of time is lost in the business whilst this recovery takes place; the worst case is that the business permanently loses invaluable information, which could result in the business being forced to close.

How to spot the risks

The e-mails that carry this malware tend to appear to come from seemingly “official” sources and contain information requiring immediate action.

  • Examples seen so far have been purporting to come from: Companies House, Inland Revenue, Fedex, UPS, DHL
  • The topics of the emails can vary, but typically sound official and maybe a little worrying.  For instance an email we’ve seen purporting to come from Companies House states “This message has been generated in response to the company complaint submitted to Companies House WebFiling service.”

Additionally, and crucially, there will be an attachment.  This attachment is what contains the deadly malware and must not be opened under any circumstances.  A tell-tale sign that it may be suspect will be if its file name ends in ZIP.  Following the example from Companies House, the attachment is called “Case_2053WK.ZIP”.  It’s very unlikely that you will ever receive a legitimate email containing a ZIP attachment, and you will rarely receive an email from an official source containing any attachment at all due to data protection and information security reasons.  If you do wonder whether an attachment is legitimate and suspect it might not be, contact the sender by phone to check before opening it.
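For IT staff who want to apply the signs above to a mailbox automatically, the following is an added example (not code from The PC Support Group) that flags a raw e-mail claiming one of the listed senders and carrying a ZIP attachment. The function names and the example.com/example.org addresses are assumptions, and the check goes slightly beyond the text by also looking at the first bytes of each attachment, so a ZIP file given another name is still flagged.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Organisations the advisory lists as impersonated senders.
IMPERSONATED = ("companies house", "inland revenue", "fedex", "ups", "dhl")
ZIP_MAGIC = b"PK\x03\x04"  # bytes that open a non-empty ZIP archive


def triage(raw: bytes) -> list[str]:
    """Return the reasons a raw e-mail matches the pattern in the advisory."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    # From and Subject are sender-controlled: a match means the message
    # *claims* an official source, not that it came from one.
    claimed = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    for name in IMPERSONATED:
        if re.search(rf"\b{re.escape(name)}\b", claimed):
            reasons.append(f"claims to be from {name}")
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if filename.lower().endswith(".zip"):
            reasons.append(f"ZIP attachment: {filename}")
        elif data.startswith(ZIP_MAGIC):
            reasons.append(f"ZIP content under another name: {filename or '(unnamed)'}")
    return reasons


def build_sample(sender: str, subject: str, filename=None, payload=b"") -> bytes:
    """Construct a test message; nothing here is a captured real e-mail."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@example.org", subject
    msg.set_content("This message has been generated in response to the company complaint.")
    if filename:
        msg.add_attachment(payload, maintype="application",
                           subtype="octet-stream", filename=filename)
    return bytes(msg)


if __name__ == "__main__":
    fake_zip = ZIP_MAGIC + b"\x00" * 26  # constructed header bytes, not a real archive
    raw = build_sample('"Companies House" <noreply@example.com>',
                       "Company complaint", "Case_2053WK.ZIP", fake_zip)
    print(triage(raw))
```

A match is a reason to hold the message for the phone check described above; an empty result does not mean an attachment is safe.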

If you suspect you’ve been infected

  • Log off and shut down immediately to prevent further infection and damage to data files
  • Contact your IT Support provider straight away and don’t log on again until you are advised to do so

Further information

http://www.infosecurity-magazine.com/view/35045/cryptolocker-the-ransomware-theres-no-coming-back-from/

http://pctechnix.ie/cryptolocker-ransomware-your-files-held-to-ransom/

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information