The New “VirRansom” Virus Could Prove Costly For Business

A new virus has been discovered that silently appends itself to all of a user’s files and spreads as those files are shared. When the virus activates, it locks the files and displays a ransom demand. This is a new type of threat and a significant risk to both businesses and home users. Imagine every file you touch becoming infected, leaving you unable to access any of them again.

What is VirRansom?

Ransomware is not new, but the way VirRansom works is. Traditional ransomware is actually malware. Most users get it by opening a seemingly urgent email about an overdue bill, an IRS warning or an eFax that has been waiting for them to view. When opened, the ransom malware executes a script that encrypts, or locks, any picture file, document or spreadsheet using an encryption method that usually cannot be broken. A splash screen is then displayed demanding that money be sent to some overseas account in order to unlock the files.

VirRansom is different in that you may have it without knowing and spread it to others. VirRansom appends itself to a file and spreads through file sharing. The virus continues to self-replicate and await activation. The user will never know they are infected until that time, and by then it has already done its damage.

How To Protect Yourself

Be Diligent

Be especially aware of suspicious emails. If you do not use eFax, do not click on an email about “your” eFax account. The IRS will never contact you via email. I have even seen one about EZPass. It looked very real. However, when was the last time EZPass emailed you about your account? Probably never. Some of the subject lines may be:

  • Payroll Received by Intuit
  • ADP RUN: Payroll Processed Alert
  • Payroll Manager Payroll Invoice ADP RUN
  • Payroll Processed Alert Annual form ACH Notification
  • Annual Form – Authorization to Use Privately Owned Vehicle on State Business
  • DNB Complaint – (Number)

Be careful of attachments, especially zip files. If you are not certain about their credibility, do not open them.

Misspellings are also a big indicator. I have often wondered how much more successful these types of attacks might be if their author checked for grammar and spelling.

Have a Multi-Layered Security Approach

Using antivirus as the sole level of protection does not work. There are too many variants of malicious software to protect against them all. At Snap Forward, we use a multi-layered approach with all of our clients to ensure that when one method of protection is bypassed or defeated, another is in place to block a serious business risk. Having a security plan with multiple layers of security to guard against the multiple vectors of attack is absolutely necessary to stop a potential nightmare situation.

Backup Your Data

Backup is not a set-it-and-forget-it process, regardless of the marketing material that states otherwise. Do not trust the security of your critical business data based on the promises of a company not ultimately responsible for the well-being of yours. Even the best backup software has faults.

Regular audits are required to ensure that the single decision to open an infected email does not destroy every bit of data in your company for good. Even a few weeks of lost data for most successful businesses can be costly, if not devastating.

In addition, discuss the process of recovery with your vendor. If your network becomes infected with a devastating virus that requires re-installation of critical systems, the downtime alone will cost you client satisfaction and new client acquisition, inhibit service delivery, and possibly discredit you in the eyes of those who expect you to have your house in order.
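
One way to run the regular audit described above, as an added example (not Snap Forward's own tooling): before a backup job overwrites the previous copy, compare the live files against a manifest taken at the last known-good backup and hold the job if a large share of files changed at once, which is what a virus that touches every file would cause. The function names and the 30% threshold are assumptions for illustration, and the sample files are constructed.

```python
import hashlib
import os
import tempfile

def file_digest(path):
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file's relative path to (size, sha256) for one snapshot."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root)
            manifest[rel] = (os.path.getsize(path), file_digest(path))
    return manifest

def audit(baseline, current, alert_ratio=0.3):
    """Compare manifests; alert_ratio is an assumed threshold, tune it per site."""
    changed = sorted(p for p in baseline
                     if p in current and current[p][1] != baseline[p][1])
    missing = sorted(p for p in baseline if p not in current)
    # Files that changed AND grew are worth a closer look: something was added.
    grew = [p for p in changed if current[p][0] > baseline[p][0]]
    ratio = (len(changed) + len(missing)) / len(baseline) if baseline else 0.0
    return {"changed": changed, "missing": missing, "grew": grew,
            "ratio": ratio, "hold_backup": ratio >= alert_ratio}

def demo():
    """Constructed sample: four files, three of which get extra bytes appended."""
    names = ("budget.txt", "clients.txt", "notes.txt", "logo.txt")
    with tempfile.TemporaryDirectory() as root:
        for name in names:
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(b"original contents of " + name.encode())
        baseline = build_manifest(root)
        for name in names[:3]:
            with open(os.path.join(root, name), "ab") as handle:
                handle.write(b"CONSTRUCTED-EXTRA-BYTES")
        return audit(baseline, build_manifest(root))

if __name__ == "__main__":
    report = demo()
    print(f"{len(report['changed'])} changed, ratio {report['ratio']:.2f}, "
          f"hold backup: {report['hold_backup']}")
```

A held backup is a prompt for a person to look at the changed files before the last clean copy is replaced, not a verdict that the files are infected.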

Should You Pay the Ransom?

While some people have reported success in retrieving their files with similar ransom schemes, I would not recommend paying the money. If you do, do so only as a last resort. The person on the other end of the virus has proven themselves dishonest by the very nature of the issue. I would not trust them to be honorable once they have your money.

Get the Word Out

VirRansom and the overall crypto threat have been among the most devastating malware and virus infections that we have seen in a long time. It is more than a nuisance; it is potentially business-ending. VirRansom attacks the most important thing to any business: its data. Properly planning for infection, planning to avoid infection, and disseminating information about this threat to your employees, friends and family are vital in ensuring that your business and personal information is not lost forever.