Cryptolocker – A virus that holds your business on ransom

Over the past few days we have seen an increased spread of a dangerous ransomware virus commonly known as Cryptolocker. Anti-virus products have been UNSUCCESSFUL in detecting it, which is why we request your attention.

So what is a Crypto Locker virus?

Crypto Locker is a virus that encrypts (in other words, locks) all commonly known file formats such as doc, xls, jpg, pdf, mp3 etc. on your computer, and on whatever your computer is connected to, with a military-grade encryption mechanism, making them unusable.
This means that if one of the employees in your business downloads this infection, the virus can potentially damage all files/folders that their PC is connected to, including network shares and files stored on the server, making them inaccessible for everyone else and essentially bringing the business to a complete halt.

The virus makers then ask you to purchase the decryption key to unlock the files, and the price you pay depends entirely on how many files they have managed to encrypt. From what we have read and seen ourselves, it could be anywhere from $600 – $9000.
This is how your files will look once the infection has taken hold.

Example of Files infected by cryptolocker

And how do you get your files back if you did get infected?

If your files did get infected, there are literally only 2 ways out. One is to pay the ransom (as shown in the picture below) via BITCOIN and hope that they do send you the decryption key.

Purchasing Decryption Software from Cryptolocker

The second is to ensure that you have a good backup and Disaster Recovery (DR) strategy in place to recover your files from. One of our clients could get their files back only because they had a good backup and DR system in place. If, say, you have a single backup disk with no disk rotation strategy in place, the disk connected to the PC/server at the time will also be infected with the virus.
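
As an added example (not part of the original post or MULINK's own tooling), here is a Python check to run over a backup set before a disk is rotated out: it flags files whose first bytes no longer match the format their extension claims, which is how encrypted files appear. The signature table, the 5% threshold and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

MAGIC = {  # leading "magic bytes" for the formats the post names (illustrative)
    ".jpg": [b"\xff\xd8\xff"],
    ".pdf": [b"%PDF"],
    ".doc": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],  # OLE2 container
    ".xls": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],
    ".mp3": [b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"],
}

def looks_intact(path):
    """True if the header matches the extension, False if not, None if untracked."""
    sigs = MAGIC.get(path.suffix.lower())
    if sigs is None:
        return None
    with path.open("rb") as fh:
        head = fh.read(8)
    return any(head.startswith(sig) for sig in sigs)

def audit_backup(root, max_bad_ratio=0.05):
    """Walk a backup set and return (checked, damaged_paths, safe_to_rotate)."""
    checked, damaged = 0, []
    for path in sorted(Path(root).rglob("*")):
        verdict = looks_intact(path) if path.is_file() else None
        if verdict is None:
            continue
        checked += 1
        if not verdict:
            damaged.append(str(path.relative_to(root)))
    safe = checked > 0 and len(damaged) / checked <= max_bad_ratio
    return checked, damaged, safe

def build_sample_backup():
    """Constructed sample data: two intact files, two with scrambled headers."""
    root = Path(tempfile.mkdtemp(prefix="backup_demo_"))
    samples = {
        "invoice.pdf": b"%PDF-1.4 constructed sample",
        "photo.jpg": b"\xff\xd8\xff\xe0 constructed sample",
        "payroll.xls": b"\x8a\x13\x5c\x9e\x07\xd1\x44\xb2 scrambled",
        "notes.doc": b"\x3f\xe9\x10\x77\xc4\x0b\x95\x2d scrambled",
        "readme.txt": b"plain text is not tracked by the table",
    }
    for name, data in samples.items():
        (root / name).write_bytes(data)
    return root

if __name__ == "__main__":
    print(audit_backup(build_sample_backup()))
```

A matching header does not prove a file is intact, so treat this as a tripwire alongside regular test restores, not a replacement for them.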

If you don’t have a good backup and DR strategy in place, or are unsure whether your backup system is regularly tested, contact us on 1300 978 938 to discuss your needs.

A virus that outsmarts Antiviruses

Our clients that were infected with this virus last week had their antivirus protection up to date, and yet their entire network got infected. Luckily for them, they had a good backup system in place, which was set up by MULINK, so they only lost a few hours' worth of work.
When we downloaded the infected file ourselves and ran a check against 54 popular antivirus products on the market today, only 8/54 (i.e. 15%) picked the file as being infected. Results are in the picture below.

Scan results from various Antiviruses

This Crypto Locker virus is outsmarting antivirus products because it uses patterns and signatures that they cannot detect unless the file is reported to them. In the case of our clients, we reported the file and the website the infection came from to 3 antivirus companies, and within 12 hours of our report the detection ratio had gone up from 15% to 65%.

Where does the infection come from?

The most common way we are seeing this virus spread is email phishing, i.e. the virus makers send you an email impersonating PayPal, Australia Post or a major bank. You are then redirected to their website, which looks exactly the same as the real organisation's (picture below). Innocent users are then coaxed into downloading a file which, when downloaded and run, starts working through the files on your PC, network shares, USB devices etc., making them unusable.

Example of Fake version of Australia Post Website

What can I do to prevent infection?

Do not open any email that looks suspicious. If in doubt, check with your IT consultants or the organisation the email supposedly originated from.
Australia Post and major banks have been warning people against opening such emails. Here is a warning issued by AUPOST last week – http://auspost.com.au/about-us/email-scam-warning-jul-2014.html
Secondly, refrain from downloading pirated movies/music/shows from BitTorrent or other such P2P websites.
And lastly, be aware. Spread the word by forwarding this to co-workers, friends and colleagues.

If you have any further questions/comments, post them below or contact our team on 1300 978 938

 

Is your IT Infrastructure at risk because of the Heartbleed bug?

On the 9th of April 2014, security researchers announced a security flaw in the popular data encryption standard, OpenSSL, that gives hackers the ability to extract all data from services that companies use every day. OpenSSL protects you when you’re sending an email or chatting on IM by making the data that is sent look like nonsense to everyone except the intended recipient.

The Heartbleed bug effectively decrypts all information sent from server to client, and client to server, making it visible for hackers to see what you are sending. Many popular sites and IM services that businesses use, such as Google (Gmail), Pinterest, Tumblr, Yahoo and more, could have been exploited using this bug, as they use OpenSSL.

How to protect yourself and your business from the Heartbleed bug

What Mulink Technologies recommends:

– Change your password on web-accessed software (Gmail, Yahoo, Hotmail, etc.)

– Do not use the same password on every website, and change it routinely (every 30 days)

– Use password-management software such as Password Safe.

If you or your company is re-using the same password across multiple websites, you could still be vulnerable to the Heartbleed bug.

Any good IT service provider will ensure that your company is safe against the Heartbleed bug. If that is not the case, you may want to re-think your IT and infrastructure needs and call Mulink Technologies on 1300 978 938.

Security Alert – eBay Hacked

This is to bring to your attention that eBay has requested all its users to urgently change their passwords after a security breach was identified on Wednesday.

Everyone should take this warning seriously and change their password as soon as possible. Further, if your PayPal account is linked to eBay, we would highly recommend changing its password too.

This has once again reminded us of the importance of using a unique password for each of your online accounts. Consider the implications if your password falls into the hands of a hacker, who then has access to your email and bank accounts.

More details here – http://www.cnet.com/au/news/ebay-hacked-requests-all-users-change-passwords/

 

Can your business survive without Internet?

8900 ADSL customers in West Melbourne had no internet for the whole of yesterday (14/05/2014).
This was the result of a Telstra fibre that was accidentally cut by a road-works contractor in Footscray.

Consider the expense for businesses that are using cloud services: it can be massive once you work out the time lost in productivity and wages.

The solution however is simple and cheap.

Many of our customers use a corporate-level firewall/UTM device which is capable of running a second 3G internet connection that can act as a backup in these scenarios.

We can plug a 3G/4G Telstra USB dongle straight into your firewall, and this would automatically come live whenever your primary internet connection fails, thereby re-enabling your business.

Total YEARLY investment would be $99 approx. for a 4G USB modem (from Officeworks) + $180 (for a 12 GB plan for 365 days from Telstra) = $279 inc. GST.

If your IT Services provider is not giving you this advice, it is perhaps time to look into better options. Have a chat with us today to have the ultimate peace of mind.

 

Internet Doomsday – Possibly no access to Internet after 2 PM on Monday (9th July 2012)

MULINK Technologies is sending you a WARNING message. Your attention is requested.

Your PC may be infected with DNS CHANGER malware

An international group of law enforcement authorities has recently identified that, back in 2011 and unknown to many computer users around the world, their PCs might have been infected with malware known as DNS CHANGER.

Computers that were infected by this virus/malware have, up until now, been accessing the INTERNET using temporary servers created by these CYBER CRIMINALS. However, after recent arrests made by international law enforcement authorities, it has been decided that these temporary servers will be shut down at 2PM (AEST) on July 9, 2012.

What this means for you is that, if your PC is still INFECTED, you will no longer be able to use the Internet after this day and time. MULINK Technologies has joined other media organisations in spreading this message because we would not like to see any inconvenience caused to our customers and their stakeholders.

Hence, we request you to click on this link below to detect if your PC is infected –
http://dns-ok.gov.au/

If you see a message saying – “You do not appear to be affected by DNS Changer”, it means no action is required from your end.
If your PC shows as being infected, we request you to contact us by email as soon as possible so that we can include you in our next mailing list with a way to fix the virus.

Kindly forward this message to all people in your organisation, colleagues, people you do business with, friends and family and help us in spreading this important message.

If you would like to read more, please click the following links –

http://dns-ok.gov.au/information.html
http://www.news.com.au/technology/internet-doomsday-a-ticking-time-bomb-acma/story-e6frfro0-1226418741284

We can be contacted on 1300 978 938 or by email on support@mulink.com.au