Cryptowall 3.0 attacking Australian businesses: Alert Priority High
A new variant of the ransomware known as Cryptowall is believed to be attacking Australian businesses. Attacks using Cryptowall 3.0 encrypt your files, and the malicious individuals behind the malware demand payment for the key that enables you to decrypt the files. These payments can range from a few hundred dollars to more than $10,000.
Businesses are advised to protect their existing computer systems and ensure that critical data is backed up to limit the damage caused by an attack.
Stay Smart Online has provided alerts about a number of ransomware attacks in the past, most recently in May 2015. Most ransomware attacks operate largely in the same way.
Cryptowall 3.0 uses an exploit kit capable of attacking vulnerabilities in Adobe Reader, Adobe Flash, Internet Explorer, Java, and Silverlight. Most computers run at least one of these programs.
Once attacked, the victim’s computer is redirected to the ransomware download page on Google Drive, where the malware is automatically installed on the user’s computer (the malicious file is contained in a zip file called resume.zip and is named my_resume_pdf_id-###.scr). The ransomware then searches for various files on your computer, in particular Microsoft Word documents.
The ransomware then encrypts these documents, deletes the originals, and alerts the victim that they need to pay a ransom to get their files back.
While there have been reports that files are recovered if the ransom is paid, this does not protect your computer against further attacks. The attacker may simply encrypt your files again. For this reason, responding to extortion is not encouraged.
In order to protect yourself and your business from a ransomware attack, you need to ensure that you do not browse suspicious sites, install untrusted programs from the internet, or open email or social media attachments from unknown or untrusted sources.
Ransomware can be installed by exploiting vulnerabilities in older versions of software. You can protect yourself by ensuring that updates for all of your programs are installed automatically as soon as they are available. In addition, ensure that you have an up-to-date antivirus solution running.
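The delivery described above, a zip archive holding a screensaver (.scr) executable whose name imitates a PDF, can be checked for before an attachment or download reaches the user. The following Python is an added example, not part of the original alert or of Webroot's material; the function names, the extension list and the sample file names (with "000" standing in for the "###" digits) are assumptions made for illustration.

```python
import io
import re
import zipfile

# Extensions Windows runs directly; .scr is the one named in the alert.
# This list is an assumption and should be tuned to local policy.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document types a file name may imitate, e.g. "..._pdf_id-###.scr" or "cv.pdf.scr".
DECOY_HINT = re.compile(r"(?:^|[._\- ])(pdf|docx?|xlsx?|rtf)(?=[._\- ])", re.I)


def suspicious_members(zip_bytes):
    """Return [(member_name, reason)] for archive members that should be blocked."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Use the base name only; Windows ignores trailing dots and spaces.
            name = info.filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .")
            stem, dot, ext = name.rpartition(".")
            if not dot or "." + ext.lower() not in EXECUTABLE_EXTS:
                continue
            if DECOY_HINT.search(stem + "."):
                reason = "executable disguised as document"
            else:
                reason = "executable in archive"
            findings.append((info.filename, reason))
    return findings


def build_zip(names):
    """Build an in-memory zip with placeholder content (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for member in names:
            archive.writestr(member, b"placeholder")
    return buf.getvalue()


# Constructed samples: one shaped like the lure in the alert, one benign.
SAMPLE_LURE = build_zip(["my_resume_pdf_id-000.scr"])
SAMPLE_CLEAN = build_zip(["resume.pdf", "cover_letter.docx"])

if __name__ == "__main__":
    for label, data in (("lure", SAMPLE_LURE), ("clean", SAMPLE_CLEAN)):
        print(label, suspicious_members(data))
```

A mail gateway or download proxy hook can call suspicious_members() on each zip it sees and quarantine the archive when the list is not empty.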
If you are attacked by the ransomware, seek immediate technical advice. Remove the ransomware from all infected computers and recover the files from backup.
If your computer has been compromised, report the incident to the Australian Cybercrime Online Reporting Network (ACORN).
ACORN provides information on how to recognise and avoid common forms of cybercrime, such as hacking, online scams, online fraud, identity theft, attacks on computer systems and illegal or prohibited content, as well as offering advice to those who have fallen victim.
ACORN makes it easier and more convenient to report cybercrime to a law enforcement agency.
Information for this Alert has been supplied by Webroot.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice, you should contact your local technical support provider.