Beware, Ransomware is hitting SA businesses like a tsunami

06 March 2015  
Posted by: Bert vd Heever

Our bookkeeper opened a fax to e-mail and the next minute her computer was hijacked!

A screen popped up that advised us that all files on the computer had been encrypted and unless we pay a 2 Bitcoin ransom (about US 300,00) within 96 hours we will not be able to access the files ever again.

We immediately switched off the computer and disconnected all computers from the network, as the new variants of Cryptolocker malware can sniff out mapped drives and, using RSA public-key cryptography, encrypt all files on your server or other mounted drives as well.

Opting not to pay the ransom (there is no guarantee that the hijackers will restore your computer) we basically lost all software and information on the computer as we had to replace the hard drive. We were extremely lucky to just lose one computer.

A couple of thousand rand poorer we now have a computer with a new hard drive and a smattering of files a specialist managed to recover from the old infected drive.

In less than a week, more than a dozen businesses in Vanderbijlpark have suffered the same fate and worse!

Because of the way the malware payload is delivered, anti-virus programs are not always able to prevent the infection.

There is no way to recover all your data if your PC has been attacked by one of the Locker viruses.

To read more about this scourge click here.

You may also consider installing CryptoPrevent but please do so only after carefully reading up about it or consulting with an IT specialist. We cannot vouch that this is the ultimate protection but it does seem to offer some defense against ransomware criminals.

A member of our local business chamber also pointed me to the decryptolocker website at https://www.decryptcryptolocker.com/. They (FireEye and Fox-IT) have partnered to provide free keys designed to unlock systems infected by CryptoLocker.

We tried to upload some of our encrypted files but it would not take on files encoded by the latest CTB locker variant (read this article for more information).

Please advise your friends and family to be alert and aware of the latest crime wave.

Don't delay, make that backup to an external drive now!

Bert van den Heever
ASAQS Webmaster
25/02/2015