A new, extremely dangerous “ransomware” type of infection has appeared that encrypts all data and backups. “Ransomware” has been around for some time, but this one is very powerful in the worst kind of way.
Built-in Windows Security along with third-party antivirus and security programs may fail to block it. The example we saw had a fully updated Windows operating system yet still became infected. It’s the most powerful and malicious infection we have ever seen.
All files stored on the computer are at extreme risk if attacked. If the compromised computer has access to other computers such as a server, those too are at risk. Any backups may become encrypted, making them useless.
To date there is no way to recover from the attack. All data, including backups and financial data, is lost. In one case the attackers demanded $5000 for the decryption key, with no guarantee that the decryption actually works. If no paper copies exist of your data, there is no way to recover anything unless you roll the dice and pay the ransom.
Fortunately, nearly all security issues and attacks can be avoided by simply not responding to the attackers’ methods of contact – such as emails, phone calls, or fake websites.
- Never click on anything inside an email. Always go directly to the vendor’s website to resolve any issues. There are ways to detect if a link in an email is legitimate, but it requires specific knowledge regarding what to look for. That is outside the scope of this warning.
- Never click on anything inside a social media email notification supposedly from Facebook, Twitter, Instagram, LinkedIn, etc. Go directly to those websites and log in normally. If possible, unsubscribe from those emails.
- Never type in your password after clicking on something inside an email. Always go to the website in question and log in normally.
- If you receive an email or suddenly encounter a website indicating there is supposedly a shipping issue from Amazon, eBay, UPS, FedEx, DHL, etc., never click on anything inside that email. Go directly to the website and investigate if you must. If you never ordered anything, delete it. If your department has nothing to do with shipping, delete it.
- If you see an email or website indicating there is a problem with your account and you must “confirm”, “verify”, “activate”, or whatever, never click on anything inside of the email or website. Go directly to the vendor or company website and work on the issue that way.
- Never, ever, ever allow someone to remote into your computer based on a random phone call you receive claiming your computer is sending out viruses or some such nonsense. Just hang up and ignore
- Never, ever, ever call so-called “tech support” based on a message you receive while browsing the Internet that says you are infected and you must “click here” or call a phone number that appears on the screen to fix it. Ignore it and exit the browser or, if that’s not possible, reboot the computer.
- Never open an attachment you are not expecting, even if it’s from someone you know. Call or email them and ask if they sent anything. Don’t reply to the email. Create a new email and ask. If you have to ask yourself “I wonder what this is?”, don’t open it.
- Any vague email or website that asks you to click on something “funny”, “shocking”, or “you won’t believe what happens next” – don’t. Ignore it. It won’t be funny but you may end up shocked for an entirely different reason.
For those with financial or shipping programs such as QuickBooks, Peachtree, UPS WorldShip, etc., we strongly recommend making backups onto flash drives on a daily basis using their built-in backup programs, then unplugging the flash drive for safekeeping. Never insert a flash drive if you suspect an infection is present on the computer. The flash drive may be instantly infected.