Ransomware Concerns

We are starting to see some of our customers being hit with the Ransomware viruses (CryptXXX, TeslaCrypt, etc.) that are becoming extremely widespread. One of these is an embedded access server (CCure Site Server). We also had an office machine hit due to what we think was an outdated version of Adobe Flash. We were able to restore a backup of the machine, but it also hit Dropbox, which uploaded to their server. This was recovered, but required their assistance and took a few days.

For those unfamiliar, these viruses/trojans encrypt specific files, such as .jpg, .pdf, .xls, .doc and many others, usually changing the file type to something like .crypt. Text files are put into each infected folder with instructions on how to pay to unencrypt the files, usually for $500 to $1000, with no way to guarantee that paying will actually get you your files back. The CCure Site Server was actually hit with a lock screen that prevents it from even booting into Windows Safe Mode.

Personally, I think we are seeing the beginning of what is going to become a major problem. These have been around for years, but the more I read about them, the more I'm developing a "sky is falling" mentality and the more I think we're seeing the tip of the iceberg.

Has anyone else encountered these, either personally, or through your business? What steps are you taking to protect your machines, as well as your customer machines? It seems that these viruses are slipping through AV software and once they've encrypted their target files, are deleting themselves to avoid detection.
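The two file-system traces described in the post (target files renamed with an extension such as .crypt, and an instruction text file dropped into each affected folder) can be checked for on a file share. The following is an added example, not part of the original post; the function names, the sample listing and the note file name are constructed, and it assumes the new extension is appended to the original one.

```python
import os
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# File types the post names as targets; extend for your environment.
TARGET_EXTS = {".jpg", ".pdf", ".xls", ".doc"}

def scan_listing(paths, min_dirs=3):
    """Return (renamed_exts, note_names) for a list of file paths.

    renamed_exts: count of extensions appended to a target type,
                  e.g. 'q1.xls.crypt' counts '.crypt' (assumes append).
    note_names:   .txt names repeated in at least min_dirs folders, the
                  pattern left by per-folder payment instructions.
    """
    renamed = Counter()
    note_dirs = defaultdict(set)
    for raw in paths:
        p = PureWindowsPath(raw)  # accepts both \ and / separators
        suffixes = [s.lower() for s in p.suffixes]
        if (len(suffixes) >= 2 and suffixes[-2] in TARGET_EXTS
                and suffixes[-1] not in TARGET_EXTS):
            renamed[suffixes[-1]] += 1
        if suffixes[-1:] == [".txt"]:
            note_dirs[p.name.lower()].add(str(p.parent).lower())
    notes = {n: len(d) for n, d in note_dirs.items() if len(d) >= min_dirs}
    return renamed, notes

def list_tree(root):
    """Collect every file path under root for scan_listing()."""
    return [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"D:\Share\Sales\q1.xls.crypt",
    r"D:\Share\Sales\HOW_TO_RECOVER.txt",
    r"D:\Share\HR\policy.doc.crypt",
    r"D:\Share\HR\HOW_TO_RECOVER.txt",
    r"D:\Share\Photos\site.jpg.crypt",
    r"D:\Share\Photos\HOW_TO_RECOVER.txt",
    r"D:\Share\IT\notes.txt",
    r"D:\Share\IT\manual.pdf",
]

if __name__ == "__main__":
    print(scan_listing(SAMPLE))
```

Run `scan_listing(list_tree(root))` against a share on a schedule; a legitimately repeated file such as a per-folder readme will also match the note check, so treat hits as a prompt to look, not a verdict.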
