They’re here, and they’re nastier than ever.

Ransomware is the newest virus to sweep the internet and it’s wreaking havoc wherever it goes.

Microsoft released an alert about a new ransomware strain called ZCryptor. It works like a worm and is capable of copying itself to removable and network drives. Other “popular” strains are Locky and TeslaCrypt. What they all have in common is that they are distributed through fake installers, usually for Adobe Flash, along with macro-based booby-trapped Office files.

Most ransomware spreads via email with malicious macro attachments or a fake Adobe Flash Player installer. The ransomware is installed on the user’s computer once the fake Adobe Flash update is run or an attached Office file is allowed to run macros. The first thing it does is add a key to the computer’s registry so that it persists across PC restarts. After this, it starts to encrypt files.
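The two delivery routes described above (macro-carrying Office files and executable "installers") can be screened for at the mail gateway or help desk before anyone opens the attachment. The following is an added example, not part of the original post; the function names and the block/review/pass verdicts are assumptions made for illustration, and the sample files are constructed in memory.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
PLAIN_EXTS = (".docx", ".xlsx", ".pptx")        # formats that should never hold macros

def triage_attachment(filename, data):
    """Return (verdict, reason) for one email attachment, judged by content."""
    name = filename.lower()
    if data.startswith(b"MZ"):
        # Windows executable header: how a fake "Flash installer" would arrive.
        return ("block", "Windows executable attachment")
    if data.startswith(OLE2_MAGIC):
        # Legacy binary Office files can carry macros; inspecting them needs an OLE parser.
        return ("review", "legacy OLE2 Office file; may contain macros")
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                parts = [n.lower() for n in z.namelist()]
        except zipfile.BadZipFile:
            return ("review", "corrupt ZIP container")
        # Modern Office files are ZIP archives; macros live in a vbaProject.bin part.
        has_vba = any(p.endswith("vbaproject.bin") for p in parts)
        if has_vba and name.endswith(PLAIN_EXTS):
            return ("block", "VBA project inside a file named as a macro-free format")
        if has_vba:
            return ("review", "macro-enabled Office file")
        return ("pass", "no VBA project found")
    return ("pass", "not an Office or executable file")

def make_ooxml(part_names):
    """Build a constructed, minimal ZIP with the given part names (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for part in part_names:
            z.writestr(part, b"constructed sample")
    return buf.getvalue()

if __name__ == "__main__":
    samples = {  # constructed attachments, not real malware
        "invoice.docm": make_ooxml(["word/document.xml", "word/vbaProject.bin"]),
        "invoice.docx": make_ooxml(["word/document.xml", "word/vbaProject.bin"]),
        "notes.docx": make_ooxml(["word/document.xml"]),
        "old_report.doc": OLE2_MAGIC + b"\x00" * 8,
        "flash_update.exe": b"MZ\x90\x00",
    }
    for fname, blob in samples.items():
        print(fname, triage_attachment(fname, blob))
```

A "review" verdict means a person or a sandbox should look at the file before it reaches the inbox; it does not prove the file is malicious.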

Once the files are encrypted, a “ransom note” appears demanding that the user pay for a decryption code. Sometimes the fee is exponentially increased if the victim does not reply within a certain amount of time.

“As of the end of March, 93 percent of all phishing emails contained encryption ransomware, according to a report released today by PhishMe. That was up from 56 percent in December, and less than 10 percent every other month of last year. And the number of phishing emails hit 6.3 million in the first quarter of this year, a 789 percent increase over the last quarter of 2015.”

Maria Korolov (CSOonline)

The best way to keep yourself safe is to not open documents from addresses you don’t know. We also recommend backing up your files, whether to the cloud or to an external drive. Backups are the safest, fastest way to get back up and running if you get attacked.

If you find yourself a victim of ransomware or you want to learn how to better protect yourself, please come in to Capitol Computers or call us at (207) 623-2700.
