How to Recognize Malware
CryptoWall is all the rage amongst hackers and individuals who just want to give businesses and individuals a bad day. This malware seeks out and encrypts documents on the infected machine and any connected shares or drives. The victim is then prompted to pay a ransom to obtain a key to unlock the files. If the victim doesn’t respond within a specific timeframe—usually 24 to 48 hours—some variants of the malware will double the ransom and ask again. Unfortunately, paying the ransom does not always result in obtaining the key or decryption of the documents.
This cybercrime, which is a variant of “ransomware,” is distributed through spam emails, malicious advertisements on legitimate websites, and as fake updates for applications and plug-ins such as Adobe Reader, Adobe Flash, and Java.
Most of the spam emails are variations of notifications for a fax, a voicemail message or a UPS shipment. Some appear to be from a government agency and refer to a fine or court proceeding.
These example subject lines were taken from actual malware messages:
- Voice message from for mailbox 120
- INCOMING FAX REPORT: Remote ID:
- Message at 2014-05-06 08:11:55 EST boundary="------05020600703040205040303"
- UPS Exception Notification, Tracking Number 1Z522A9A6892487822
The emails may contain an attachment or the body of the email message may contain a link to an external website or download. It is not uncommon for the email messages to be written in stilted or ungrammatical English, although we expect this to change as the attackers become more sophisticated. You are no longer required to download a file and run it in order to activate it. Merely clicking on link through an email can be enough for you fall victim.
You can help prevent CryptoWall by educating your employees to not click on a link in an email unless they are absolutely certain they know where it leads. Look into a proactive approach, such as getting antivirus software to protect yourself from instances like these. No matter how many layers of security protection are put in place it won't always be able to stop all attacks all the time, but you can minimize your exposure and help protect your computers and infrastructure.
Already using AV software? Comment below and tell us what program you or your company uses.