Alert: More encrypting viruses and phone scams

Last week two unfortunate home computers were brought to us with Cryptowall infections on them. Cryptowall is a variant of Cryptolocker, and both are infections known as ransomware. These infections encrypt your files, rendering all of them unreadable, and the only way out is to restore them from backup or pay the ransom. Once the ransom is paid you will receive the encryption key, which can then be used to reverse the encryption process. You have a very short amount of time to purchase Bitcoins and pay the ransom before your recovery options run out.

How do computers get infected? Today the most frequent method is viewing photos using Adobe Flash. Flash is used by many websites, and if the version on your computer is not up to date then you are vulnerable to this infection. The second most frequent method is opening an infected attachment to an email. These attachments are targeted at the accounts payable person and the shipping person in your company. They will say “invoice attached,” “UPS shipping confirmation” or something similar.

In 2013 we deployed a group policy to all domain-joined computers in your network. It will apply to any computer running the business version of the Windows operating system. There are things that can prevent it from applying, so everyone still needs to be careful. Nothing is 100% when it comes to computer security. In addition, we have recently added a block in your firewall to prevent the infection from calling home to obtain an encryption key. This covers 2 versions of these infections, but there is a third one for which no block has been invented yet.

How can you be careful?

  • The #1 thing is to not store any files on your computer. Please only store them on the network. Though the virus can get to those network locations too, at least we have a backup. For most of our customers there is no backup of your individual computer.
  • Check every email with a clickable link in it before you click. Check every email with an attachment in it before you open it. The easiest way to do this is to drag the suspect email into Junk. This will expose the URL paths of all of the links. From there you will be able to see if they really lead to UPS or your customer or if they direct you to some other domain name.
  • We also have a test to help you learn how to identify tricky emails. Ask your technician to show you how to identify suspect emails and to take the test. It’s a great learning experience.
  • Keep your computer up to date. When you get a notice that updates are available, install them. They are there to protect you.

Phone Scam Alert

While working with a client last week, Ted witnessed a scam phone call from someone claiming to be from Microsoft. They offer to fix a problem with your computer and ask to be let into your computer through remote control software. Once on your computer, they run “the fix,” which is actually a program to capture your personal information. It scans for saved usernames and passwords, credit card numbers, addresses, social security numbers, bank account numbers, etc. It will grab both the credentials themselves and documents that might contain them. They will also try to charge you for the service by collecting your credit card or bank information for direct withdrawal. This scam has been around for a while, and although the FBI has repeatedly shut them down, a new one pops up all the time. I recently read that people have lost 12 billion dollars to scams like this so far.

How can you be careful?

  • Microsoft doesn’t monitor your computer or offer to fix it. So if you get a call like that, it is always a scam. Occasionally we may open a ticket with them about your server but they will be calling us back, not your office. In the event you do get a call, tell them that you’ll connect them to your IT department and they will hang up.
  • If you get a call like this, hang up. They might call back, but before they do, call your technician. We’ve heard of cases where these guys really put on the hard sell to convince you that they are legitimate, and we can help you push back to get rid of them.

As always just be really cautious. This is the scariest time that has ever existed in computing.

-Amy Babinchak, Harbor Computer Services


p.s. Follow us on Facebook!
