I cannot emphasize it enough Be careful when opening any email attachment where you aren’t sure of the sender or the attachment!
If you don’t know who sent it, delete it; if it’s important the person sending it to you will contact you or you can call that person yourself. If you know the sender, but the attachment looks strange contact them first to make sure it’s legitimate before opening the attachment.
The reason for these warning reminders? CrytoLocker is continuing to spread and the cost is not just about having your computer or server cleaned up, it’s also whether or not your data was important enough to pay the ransom or do you take the time recreate the data? This is a costly piece of malware. It costs to bring in computer techs for the clean up and backup restoration, it costs if you decide you have to pay for the decryption key, and it costs time and productivity if you decide to recreate the files.
To many companies this seems miles away from them, but to bring it into perspective I’m now aware of 4 companies in the local Reno / Sparks area who’ve been hit with CryptoLocker.
Here is the current list of known email subjects from emails containing CryptoLocker, once reading them you’ll see why so many people are tempted into opening the attachment:
- USPS – Your package is available for pickup (Parcel 173145820507)
- USPS – Missed package delivery
- ADP payroll: Account Charge Alert
- Important – attached form
- McAfee Always on Protection Reactivation
- Scan from a Xerox WorkCentre
- Annual Form – Authorization to Use Privately Owned Vehicle on State Business
- My resume
- Voice Message from Unknown (675-685-3476)
- Important – New Outlook Settings
- FW: Payment Advice – Advice Ref: [GB293037313703] / ACH credits / Customer Ref: [pay run 14/11/13]
- New contract agreement.
- Notice of unreported income
- Payment Overdue – Please respond
- Payroll Invoice
- Corporate eFax message from “random phone #” – 8 pages (random phone # and number of pages)
- FW: Case FH74D23GST58NQS
- USPS – Missed package delivery (“USPS Express Services” <email@example.com>)
- FW: Invoice <random number>
- ACH Notification (“ADP Payroll” <*@adp.com>)
- Payroll Received by Intuit
- FW: Last Month Remit
- Scanned Image from a Xerox WorkCentre
- scanned from Xerox
- FW: IMG01041_6706015_m.zip
- New Voicemail Message
- Voice Message from Unknown Caller (344-846-4458)
- Scan Data
- Payment Advice – Advice Ref: [GB2198767]
- Important Notice – Incoming Money Transfer
- Notice of unreported income – Last months reports
- FW: Check copy
- past due invoices
- Symantec Endpoint Protection: Important System Update – requires immediate action
Quite a long list, but you can see how tempting some of these would be to open.
What to do to protect your priceless data?
Vigilance! is the key to preventing many malicious infections. A second thought about whether or not to open that email attachment can be the difference between getting CrytoLocker and keeping your network safe. Good group policies can also go a long way to preventing ransomware infections, they aren’t fool proof, but they do provide another layer of protection. Lastly every business should have a true enterprise backup solution in place!
Anyone looking to find out more about enterprise backup solutions should give Top Speed a call, don’t leave your network unprotected!