A new variation of the Cryptowall ransomware is again targeting Australian businesses, and it's nastier than ever.
Last year, organisations across Australia fell victim to cryptolocker ransomware attacks, whereby malicious software, usually delivered via an email attachment or link, installs itself on your PC and starts encrypting files so you can't access them. The criminals behind each attack then request payment of a ransom from you for the key to unlock your files. Once it takes hold, this kind of attack can infect your entire network, including cloud data services like Dropbox or OneDrive.
The new variations we're seeing now have evolved to have even more serious consequences for their victims. In the past, the file extensions of encrypted files were changed, providing a method for identifying which files were affected and how far the attack had spread through the network. Now, the file name and extension remains unchanged, meaning that you must replace ALL your data from backup and not just the affected files.
What this means for you is that IF your company is attacked, you WILL EXPERIENCE DOWNTIME and it's quite likely that some FILES WILL BE PERMANENTLY LOST.
What can you do about it?
- DO NOT open any attachments that you are not 100% sure of. The latest variations of this attack appear to be delivered via ZIP files.
- DO NOT click on links in emails without checking them first. Hover to verify the display text and actual link are the same. Looks for all the usual spelling and grammar signals that an email may not be what it appears.
- DO NOT rely on your anti-virus checkers to catch all malicious software. Threats evolve daily - always be vigilant.
- DO make sure you have a robust backup and recovery plan in place.
- DO share this information with your colleagues to help reduce the risk of infection in your organisation.
If you suspect your network has been compromised by a ransomware attack, please request support immediately.