ESET Ireland reports the last few weeks have seen an increased number of victims of data locking ransomware among Irish businesses.
Malware and support experts from the antivirus firm ESET Ireland (Ciaran McHale, Lorna Mayers, Urban Schrott) have been receiving calls for help from all over the country from businesses hit by one of the most malicious forms of malware – data locking ransomware known as Cryptolocker, detected by ESET as Win32/Filecoder. We have received reports from Westmeath, Wexford, Waterford, Galway, Donegal, etc., mainly from SMBs with an average of 15 computers each.
Filecoder malware infects the computer, then encrypts (locks) all Word, Excel, PDF and other files, so the owner can’t open them until he has purchased a decryptor from the attackers to unlock them. The cybercriminals usually request the ransom to be paid in Bitcoin, and the average amount required is between US$300 and US$500. A 2013 UK survey showed 41% of those attacked decided to pay the ransom, and Bitcoin traffic associated with accounts related to ransomware showed cybercriminals made in excess of US$20 million per month.
What most of the affected companies had in common was that they had poor security and partial or no antivirus software in place. Several suspect their infection came from an email attachment. In most cases, one machine became infected first and then encrypted all network shares. Many of these companies also didn’t have their data backed up, so some decided to pay the ransom to retrieve their files.
ESET’s suggestions on dealing with Filecoder infections
Don’t pay the money
Contact a computer professional instead, if you can’t unlock it yourself. In some cases – especially filecoders – there may be nothing you can do, but an IT professional should be your first stop.
Don’t think that if you get past the lock screen, it’s “gone”
It is sometimes possible to get “past” the lock screen displayed by some forms of ransomware – but that doesn’t mean you’re safe. Your computer is probably still infected. Unless you have in-depth knowledge, don’t get your hopes up, as many forms of ransomware use strong encryption, which is basically impossible to break. Either invest in proper AV software or contact an IT professional for help.
If you are backed up, you’re “immune” to filecoders
Filecoders rely on one thing – that you keep unique, precious files on your PC. Don’t. Learn what “backup” means – and choose the right solution for you. For home users, a simple way to start “backing up” is to use cloud services such as Google Drive, Dropbox and Flickr to store documents, music, videos and photos. These services offer free versions, and can at least save some of the most personal files on your computer from being devoured by malware.
by Urban Schrott, ESET Ireland
For a detailed look at protecting yourself from Filecoder, see this article by ESET’s Lysa Myers: 11 things you can do to protect against ransomware, including Cryptolocker