Over the past few weeks a particularly nasty piece of malware has been attacking Windows PCs around the globe. Using a public/private key pair, it encrypts data files (some reports say system files as well) on the victim's PC and then demands a US$300 ransom for the private key needed to decrypt them.
Several victims have reported successfully recovering their files after paying the ransom, but as of this writing the command-and-control server has been taken offline, so that option is no longer available. The nature of the malware suggests that this scheme will soon be copied.
There is no fix once files have been encrypted. The malware uses encryption, a legitimate business function, to do its damage, so anti-virus software cannot undo it: removing the malware does not recover the files, and without the attackers' private key they cannot be decrypted. Restoring from backup is the only viable recovery, which is why backups must be kept somewhere the infected PC cannot write to (offline media or a read-only share).
Tips for Avoidance
- Apply the principle of least privilege. Do not run a Windows PC with administrative rights for day-to-day work, and make network shares read-only wherever possible. The malware can only encrypt what the infected account can write to, so this limits the scope of the damage a rogue process can do.
- Educate and remind employees not to open attachments from unknown sources, or suspicious attachments from known sources.
- Employ web-filtering tools. Web filters can block all traffic to a given IP address or domain and so offer some protection as the sources of the malware become known, though they are only as good as their block lists.
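The first tip is the one an administrator can act on immediately, and the following PowerShell script shows one way to do it. It is an added example, not part of the original advisory: it audits the SMB shares on a file server for write access granted to broad groups (Everyone, Authenticated Users, Users) and, when run with the -Fix switch, downgrades those entries to read-only. It also warns if the session itself is running with administrative rights. It assumes Windows 8 / Server 2012 or later (the SmbShare module); the list of principals and the -Fix switch are this example's own choices.

```powershell
# Added example (not from the original advisory): audit SMB shares for write
# access granted to broad groups and optionally downgrade them to read-only.
# Assumes Windows 8 / Server 2012 or later (SmbShare module) and a session
# with the rights needed to change share permissions.
# The principal list and the -Fix switch are this example's own choices.
param(
    [switch]$Fix   # without -Fix the script only reports; with -Fix it downgrades
)

# Broad principals that should not normally have write access to a share.
$BroadPrincipals = @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users')

# Warn if this script itself is running with administrative rights: day-to-day
# work, including opening mail, should happen from a non-admin session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Warning "Running as administrator; a rogue process in this session would have the same rights."
}

# Skip administrative shares (ADMIN$, C$, IPC$); Windows manages their ACLs.
$shares = Get-SmbShare | Where-Object { -not $_.Special }

foreach ($share in $shares) {
    $entries = Get-SmbShareAccess -Name $share.Name
    foreach ($ace in $entries) {
        $isBroad  = $BroadPrincipals -contains $ace.AccountName
        $canWrite = ($ace.AccessControlType -eq 'Allow') -and ($ace.AccessRight -in @('Change', 'Full'))
        if ($isBroad -and $canWrite) {
            Write-Output ("{0}: {1} has {2} access" -f $share.Name, $ace.AccountName, $ace.AccessRight)
            if ($Fix) {
                # Replace the write-capable entry with a read-only one.
                Revoke-SmbShareAccess -Name $share.Name -AccountName $ace.AccountName -Force | Out-Null
                Grant-SmbShareAccess  -Name $share.Name -AccountName $ace.AccountName -AccessRight Read -Force | Out-Null
                Write-Output ("{0}: {1} downgraded to Read" -f $share.Name, $ace.AccountName)
            }
        }
    }
}
```

Run it once without -Fix to see what would change, then with -Fix on shares that genuinely need only read access. Share permissions and NTFS permissions are combined by taking the more restrictive of the two, so a read-only share permission caps what any process on a client can write there, whatever the NTFS ACL allows. Shares that users must write to (home directories, working folders) cannot be locked down this way, which is exactly why the backup copy of that data has to live somewhere the client cannot write.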