Computer virus getting right through antivirus protection

Oct 24, 2013   //   by nick   //   Blog

I was at a client site here in Wallingford, CT yesterday and went head to head with the newest malware threat known as CryptoLocker. Online attackers are using encryption to lock up our files and demand a ransom, and unfortunately antivirus software probably won’t protect you. In the case yesterday this threat got right through a well known security software suite. I was able to remove the threats, which had actually violated two computers on the domain, one of which was totally locked down with encryption, and unfortunately this particular user was forced to sit and wait for us to arrive. I came across an article online associated with this latest threat and found it interesting. I have included ways to defend yourself from this latest threat — pass this information along to friends, family, and business associates. Forgive me if I sound a bit like those bogus virus warnings proclaiming, “You have the worst virus ever!!” But there’s a new threat to our data that we need to take seriously. It’s already hit many consumers and small businesses.

CryptoLocker shows up in two ways:

First, you see a red banner on your computer system, warning that your files are now encrypted — and if you send money to a given email address, access to your files will be restored to you.

Second, you can no longer open Office files, database files, and most other common documents on your system. When you try to do so, you get another warning, such as “Excel cannot open the file [filename] because the file format or file extension is not valid.” This malware goes after dozens of file types such as .doc, .xls, .ppt, .pst, .dwg, .rtf, .dbf, .psd, .raw, and .pdf.
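That second symptom can be checked across a folder, share or mapped drive without opening every file: a document whose extension is on the list above but whose leading bytes no longer match its format, and whose contents read as ciphertext, is a likely casualty. The checker below is an added example written for this post, not code from the original article; the entropy threshold and the sample size are assumptions chosen for illustration, and the sample files it scans are constructed in a temporary directory.

```python
import math
import os
import tempfile

# Extensions the post lists as CryptoLocker targets, with the leading bytes a
# legitimate file of that type starts with (.dbf/.raw have none, so skipped).
MAGIC = {
    ".doc": [b"\xd0\xcf\x11\xe0", b"PK\x03\x04"],  # OLE2 or OOXML (zip)
    ".xls": [b"\xd0\xcf\x11\xe0", b"PK\x03\x04"],
    ".ppt": [b"\xd0\xcf\x11\xe0", b"PK\x03\x04"],
    ".pst": [b"!BDN"],
    ".dwg": [b"AC1"],
    ".rtf": [b"{\\rtf"],
    ".psd": [b"8BPS"],
    ".pdf": [b"%PDF"],
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext sits near 8.0, most documents well below."""
    n = len(data) or 1
    freqs = [data.count(v) / n for v in range(256)]
    return float(-sum(p * math.log2(p) for p in freqs if p))

def looks_encrypted(path: str, sample: int = 4096, threshold: float = 7.5):
    """True if a tracked file lost its signature and reads as ciphertext,
    False if the header is intact, None for extensions not checked."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return None
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if any(head.startswith(sig) for sig in MAGIC[ext]):
        return False  # header intact, so the application should still open it
    return shannon_entropy(head) > threshold  # assumed threshold for the demo

def scan_tree(root: str) -> list:
    """Walk a folder, share or mapped drive; return files that look encrypted."""
    return sorted(
        os.path.join(d, n) for d, _, names in os.walk(root) for n in names
        if looks_encrypted(os.path.join(d, n)))

def demo() -> list:
    """Constructed sample: an intact PDF beside a 'workbook' that is ciphertext."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "report.pdf"), "wb") as fh:
            fh.write(b"%PDF-1.4\n" + b"ordinary report text\n" * 100)
        with open(os.path.join(root, "budget.xls"), "wb") as fh:
            fh.write(os.urandom(4096))  # stands in for an encrypted workbook
        return [os.path.basename(p) for p in scan_tree(root)]
```

Run `scan_tree` against a backup target before trusting it; a list of hits on a mapped drive means the infected machine has already reached the share.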

There are three modes of attack with this threat:

1) Via an email attachment. For example, you receive an email from a shipping company you do business with. Attached to the email is a .zip file. Opening the attachment launches a virus that finds and encrypts all files you have access to, including those located on any attached drives or mapped network drives.

2) You browse a malicious website that exploits vulnerabilities in an out-of-date version of Java.

3) Most recently, you’re tricked into downloading a malicious video driver or codec file.

There are no patches to undo CryptoLocker and, as yet, there’s no clean-up tool — the only sure way to get your files back is to restore them from a backup.

Some users have paid the ransom and, surprisingly, were given the keys to their data. (Not completely surprising; returning encrypted files to their owners might encourage others to pay the ransom.) This is obviously a terrible option, but for some it was their only known option at the time.

Keep in mind that antivirus software probably won’t prevent a CryptoLocker infection. In every case I’m aware of, the PC owner had an up-to-date AV application installed. Moreover, running Windows without admin rights does not stop or limit this virus: it runs with the user’s own permissions, and those are all it needs to overwrite the files that user can already access. It uses social engineering techniques and a good bit of fear, uncertainty, and doubt to trick users into clicking a malicious download or opening a bogus attachment.

Ensure you keep complete and recent backups of your system. Making an image backup once or twice a year isn’t much protection. Given the size of today’s hard drives on standalone PCs, an external USB hard drive is still your best backup option. A 1TB drive is relatively cheap and you can get 3TB drives for under $200. Because CryptoLocker also encrypts files on attached and mapped drives, disconnect the backup drive between backups so an infection cannot reach the copies. For multiple PCs on a single local-area network I would advise you to look into cloud-based backup solutions. Small businesses with networked PCs should have automated workstation backups enabled, in addition to server backups. At my office I use Mozy Pro and also sell and support the software to our clients. I run the backups during the day, while others in the office are using their machines — and I’ve had no complaints of noticeable drops in workstation performance.

Once again, keeping your internet security software up to date is absolutely necessary. The hackers behind this threat are adapting the virus so quickly that AV vendors can’t keep up with the many CryptoLocker variations in play. It’s up to individual users to stay vigilant about what they click. The bad guys just keep getting badder.

Mr. Computer