Opening the wrong email could destroy in seconds every file you have saved, photo memory recorded, song purchased, or even the entirety of your business’s data. A new virus has been discovered that silently appends itself to all of a user’s files and spreads silently as the merchanttoken files are shared. When the virus activates, it locks the files and displays a ransom demand. This is a new type of threat and also a significant risk to both businesses and home users. Imagine every file you touch becoming infected, leaving you unable to access them again.
What is it?
Ransomware is not new but the method in which VirRansom works is new. Traditional ransomware is actually malware. Most users get it by opening a seemingly urgent email about an overdue bill, IRS warning or an efax that has been waiting for them to view. When opened, the ransom malware executes a script that encrypts, or locks, any picture file, document or spreadsheet using an encryption method that usually cannot be broken. A splash screen is then displayed demanding money be sent to some overseas account in order to unlock the files.
VirRansom is different in that you may not know that you have it yet and spread it to others. VirRansom appends itself to a file and spreads through file sharing. The virus continues to self replicate and await activation. The user will never know they are infected until that time and then it has already done it’s damage.
How To Protect Yourself
Be especially aware of suspicious emails. If you do not use eFax, do not click on an email about “your” eFax account. The IRS will never contact you via email. I have even seen one about EZPass. It looked very real. However, when was the last time EZPass emailed you about your account? Probably never. Some of the subject lines may be:
- Payroll Received by Intuit
- ADP RUN: Payroll Processed Alert
- Payroll Manager Payroll Invoice ADP RUN
- Payroll Processed Alert Annual form ACH Notification
- Annual Form – Authorization to Use Privately Owned Vehicle on State Business
- DNB Complaint – (Number)
Be careful of attachments, especially zip files. If you are not certain about their credibility, do not open them.
Misspellings are also a big indicator. I have often wondered how much more successful these types of attacks might be if their author checked for grammar and spelling.
Have a Multi-Layered Security Approach
Using antivirus as the sole level of protection does not work. There are too many variants of malicious software to protect against them all. At PTM, we use a multi-layered approach with all of our clients to ensure that when one method of protection is bypassed or defeated, another is in place to block a serious business risk. Having a security plan with multiple layers of security to guard against the multiple vectors of attack is absolutely necessary to stop a potential nightmare situation.