News

12 Oct 2013

Virus Warning – Critical

This from our trusted I.T. network guy at CX Network:

We’ve seen, over the last few days, a sophisticated ‘ransomware-style’ virus mostly targeting accounts staff / ‘accounts@xxx.com’ email addresses with a ZIP attachment.
The attachment name has varied each time, but has so far been named in a way that would suggest it is a legitimate email for an accounts role, eg. “tax_invoice380.zip”.

The virus inside that zip file has so far at least partially evaded 5 different antivirus products over the last few days, including all of the Tier-1 products.

Unlikely almost all previous email viruses, this virus payload is *devastating*.

It scans your computer and network drives for word, excel, PDF and other common document types, then encrypts them with an algorithm that would take more than 18000 years to crack on a typical high-end computer.
In a nutshell, these files are permanently damaged and will need to be restored from backups.

So far in the 3 days, we’ve had to restore entire servers / workstations for 6 clients from backups (I’m still in the process of restoring some now).
We’ve also had 1 sad instance where the server backups have been encrypted / damaged as well and another 2 individuals / home businesses that have not kept proper backups and lost nearly *every* document.

The heart of this email is:
1.       Please be extremely careful not to open up zipped email attachments. Unless you know for certain it’s both a clean email and also from someone you were expecting to receive a zipped attachment from, don’t open it.
2.       Backups. Backups. Backups.
3.       Even the best antivirus is not always guaranteed to protect you in every instance. The human brain is always the best at identifying suspicious email attachments.
4.       Backups, again.

Until the antivirus vendors sort our their detection signatures for this particular virus/Trojan, please pass this info on.images

Subscribe

Published monthly since 1991, our famous AV industry magazine is free for download or pay for print. Subscribers also receive CX News, our free weekly email with the latest industry news and jobs.