Security Advisory: Protection against CryptoWall Trojan Infection

Posted on Fri, Oct 24, 2014

Atlantic Tomorrows Office has been remediating issues with some of our Managed IT clients who have become infected with the CryptoWall ransomware exploit. This malware is becoming more prevalent, and to date none of the major virus protection programs such as AVG, Symantec, Kaspersky and McAfee have been able to come up with a method of blocking the Trojan.

CryptoWall is similar to the well-known CryptoLocker Trojan.  Once executed on your PC, the malware encrypts your user files with an unbreakable code and prompts you to pay for the decryption key.  Once the malware is removed, the recovery process is to restore your files from backup, which will cause any updates made since the last good backup to be lost. 

Please note that this is a Trojan exploit and NOT a virus and, as such, is difficult for antivirus programs to stop.  This is why users with up-to-date antivirus are getting infected. Below are recommendations to help your firm avoid getting infected by this crippling application: 

- Advise the employees in your firm to question all of their attachments - this is the single best way to avoid infection. The majority of these infections are caused by unsuspecting users opening files that are attached to emails.

- Before clicking on a link, regardless of who it’s coming from, users should hover over the link with their mouse to see whether the URL it points to matches what the link claims to be. For example, if an email says “click here to retrieve your fax”, verify (by hovering) that the link takes you to the fax service you utilize. When in doubt, simply leave the link alone and visit the fax service website to retrieve the data.

If anyone is unsure of an attachment, they should resist the urge to open the attachment to see if it is ok.  Check with the author of the email in question.

 

While there’s no sure-fire way to guarantee you will not encounter CryptoWall, good judgment and caution will get you a long way towards keeping your files safe.

Regards,

Frank Oriente  |  Director of IT Operations

Learn more, or contact us immediately if you have any questions:
Our IT team: atlanticiTsupport@tomorrowsoffice.com
 

Tags: AtlanticCareIT, Atlantic Tomorrow's Office, Malware, CryptoWall, Virus Protection, Infection

URGENT Warning - Severe Virus affecting computers worldwide

Posted on Wed, Nov 20, 2013

This notice is to advise you of a severe virus that has been affecting computers worldwide. CryptoLocker encrypts users’ files, and warns that a “ransom” of $300 needs to be paid in the near future or the files will be deleted. People have reported that they paid the ransom and did not have their files restored. Click here for additional information on the attack, or visit the Department of Homeland Security’s website for additional reference material.

 

In the event you encounter CryptoLocker, please contact our help desk immediately by emailing Atlantic IT Support (atlanticitsupport@tomorrowsoffice.com) or by calling 212-507-9420. We have the ability to remove the malware from the affected user’s workstation; however, it is not possible to un-encrypt the files. Our support staff will be able to restore the affected files from your most recent backup, so it is important to ensure you have recent copies of the files.

 

The virus has been delivered through several methods, such as fake emails designed to mimic the look of legitimate businesses and phony FedEx and UPS tracking notices. It is important to remind your staff to use best practices to avoid being infected by CryptoLocker and other attacks:

 

• Use caution when deciding to view unsolicited email.

• Treat email attachments with caution.

• Don’t click links in email messages unless you are certain of the origin.

 

Bill McLaughlin  |  Chief Technology Officer

 

 

Tags: AtlanticCareIT, cyber attack, Malware, CryptoLocker, Virus, Department of Homeland Security