New security threat: CryptoWall

security

In October of last year news broke about a new form of malware called Cryptolocker. This malware posed a particularly large threat to many business users and led to many quick and important security updates. Now, almost a year later, it appears that the second version of this – CryptoWall – has been released and is beginning to infect users.

What is Crypto malware?

Crypto malware is a type of trojan horse that when installed onto computers or devices, holds the data and system hostage. This is done by locking valuable or important files with a strong encryption. You then see a pop-up open informing you that you have a set amount of time to pay for a key which will unlock the encryption. If you don’t pay before the deadline, your files are deleted.

When this malware surfaced last year, many users were understandably more than a little worried and took strong precautions to ensure they did not get infected. Despite these efforts, it really didn’t go away until earlier this year, when security experts introduced a number of online portals that can un-encrypt files affected by Cryptolocker, essentially neutralizing the threat, until now that is. A recently updated version is threatening users once again.

Cryptolocker 2.0, aka. CryptoWall

Possibly because of efforts by security firms to neutralize the Cryptolocker threat, the various developers of the malware have come back with an improved version, CryptoWall and it is a threat that all businesses should be aware of.

With CryptoWall, the transmission and infection methods remain the same as they did with the first version: It is most commonly found in zipped folders and PDF files sent over email. Most emails with the malware are disguised as invoices, bills, complaints, and other business messages that we are likely to open.

The developers did however make some “improvements” to the malware that make it more difficult to deal with for most users. These changes include:

  • Unique IDs are used for payment: These are addresses used to verify that the payment is unique and from one person only. If the address is used by another user, payment will now be rejected. This is different from the first version where one person who paid could share the unlock code with other infected users.
  • CryptoWall can securely delete files: In the older version of this threat, files were deleted if the ransom wasn’t paid, but they could be recovered easily. In the new version the encryption has increased security which ensures the file is deleted. This leaves you with either the option of paying the ransom or retrieving the file from a backup.
  • Payment servers can’t be blocked: With CryptoLocker, when authorities and security experts found the addresses of the servers that accepted payments they were able to add these to blacklists, thus ensuring no traffic would come from, or go to, these servers again. Essentially, this made it impossible for the malware to actually work. Now, it has been found that the developers are using their own servers and gateways which essentially makes them much, much more difficult to find and ban.

How do I prevent my systems and devices from being infected?

Unlike other viruses and malware, CryptoWall doesn’t go after passwords or account names, so the usual changing of your passwords won’t really help. The best ways to prevent this from getting onto your systems is:

  • Don’t open any suspicious attachments – Look at each and every email attachment that comes into your inbox. If you spot anything that looks odd, such as say a spelling mistake in the name, or a long string of characters together, then it is best to avoid opening it.
  • Don’t open emails from unknown sources – Be extra careful about emails from unknown sources, especially ones that say they provide business oriented information e.g., bank statements from banks you don’t have an account with or bills from a utilities company you don’t use. Chances are high that they contain some form of malware.

Should your files be attacked and encrypted by this malware, then the first thing you should do is to contact us. We can work with you to help find a solution that will not end up in you having to pay the ransom to recover your files.

If you are looking to learn more about CryptoWall malware and how to boost your security and protect your data and systems, then we could you your first line of tech defence.

Published with permission from TechAdvisory.org. Source.

5 Ways to secure online activity

security

As businesses continue to implement more and more Internet-based systems, there is always the risk that systems could be breached and security compromised. If you conduct business online, there are a number of measures you can take to ensure that your activities and your company’s vital information are secure. Here are five.

1. Use two-factor authentication whenever possible

Two-factor authentication, or two-step authentication as it is also known, is the idea of using two pieces of information to log into accounts: Your usual password and a code that is usually sent to a mobile device or generated by a code generator.

By utilizing this safety feature, you can further increase the security of your accounts, largely because the chances of someone getting their hands on both the generated code and your password are slim.

Some sites don’t use a code and instead ask a question that needs to be answered every time you log in. If this is the case, make the question something that is difficult for a hacker to guess. For example, use your address from 10 years ago instead of your current address.

2. Audit who has access to what data

Between all of your online accounts and social media profiles you will likely be surprised at just how much information about you can be found online. There are a multitude of scare stories online, where someone has had their accounts hacked and identity stolen, largely because they had left pertinent information online without even thinking about it.

It is a good idea to audit what information you have online. This includes looking at the contact and personal information you have on social media profiles, account information, etc. Ideally, if it is not necessary information, then it shouldn’t be shared. As for social media profiles, make sure only the absolute basic personal information is online and limit who can see this information.

3. Watch what is posted on social media

Because of the nature of social media, we often feel the need to share our whole lives online. This can often lead to oversharing, and even sometimes oversharing of personal information. There are stories online of thieves monitoring social media for businesses posting about how they are going to be closed for a holiday, with all staff gone. Once a thief finds this information, they then break into the business without worrying about people being there.

If you are going to share information online, be sure to limit the potentially sensitive information that you post, especially if the content is shared with the public.

4. Change your passwords regularly

It seems like almost every week news breaks of a password or account information breach. What this translates to is the fact that your accounts are always facing a potential risk. Therefore, you should make it a habit to change your passwords on a regular basis.

Most experts recommend at least once every three months, but if there is a breach where your account information may have been leaked then naturally change your passwords straightaway.

To ensure maximum security, you should use a different password for each account, and keep these as separate as possible.

5. Work with an IT partner who can offer enhanced Internet security

Ensuring that your business is secure online can be an on-going battle that you will likely not win easily. One of the best steps to take is to work with an IT partner like us. We offer a variety of Internet security solutions that can help stop malware intrusions before they infect your systems, block access to potentially harmful sites, and even scan Internet-based email solutions. In other words, we can help improve your overall online security.

If you are looking to learn more about how we can help your business be secure online, contact us today.

Published with permission from TechAdvisory.org. Source.