WHAT IS RANSOMWARE?
Ransomware-type (virus) programs (CryptoLocker, for example) target all versions of Windows, including Windows XP, Windows Vista, Windows 7, and Windows 8. These programs encrypt certain files using a mixture of encryption methods. When a program has finished encrypting your files, it displays a payment message that prompts you to send a ransom payment, ranging from a few hundred dollars to thousands of dollars (depending on the ransomware variant in question), in order to decrypt the files and restore your data.
These ransom-demand screens will typically display a timer stating that you have a number of days to pay the ransom, or the program will delete your encryption key and you will no longer be able to decrypt your files and restore your data. Once you send the payment and it is verified, the program message says it will decrypt the files that it encrypted, giving you back your data.
Will you actually get your data back if you pay? How trustworthy is someone who does this damage in the first place? What do you think?
WHAT DATA IS VULNERABLE TO RANSOMWARE?
Here is a list of the file types these virus programs infect (by no means is this list complete): *.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, *.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c.
HOW DOES THE VIRUS FIND THESE FILES ON YOUR NETWORK?
Ransomware virus programs, once started, scan all physical and mapped network drives on the infected computer and encrypt every file of a targeted type that they find. Once encrypted, the data is essentially gone, lost forever, if you do not have a data backup that can restore the file.
HOW DOES RANSOMWARE INFILTRATE YOUR NETWORK AND ATTACK YOUR DATA?
What we are seeing are “official-looking” emails, typically appearing to come from banks, delivery companies (UPS, FEDEX, USPS, et al.), job seekers (indicating a resume is attached), and payroll processing companies, containing a ZIP or PDF type file that is actually an executable (virus) program in disguise. The email will typically ask the user to open the attachment to review a check image or delivery confirmation information. Once it is opened, the virus program starts (invisibly, running in the background) and the user does not even realize their computer is running it, all the while it is systematically finding data files on the network and rendering them useless.
IF YOU ARE UNSURE ABOUT THE SOURCE OF THE E-MAIL OR IF YOU RECEIVE UNSOLICITED E-MAILS WITH ATTACHMENTS, DO NOT CLICK OR OPEN THE ATTACHMENT!
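For administrators who filter mail, the disguised ZIP and PDF attachments described above can be caught by comparing what a file claims to be with what its first bytes and archive contents actually are. The following is an added example, not part of the original article; the extension list, function names and sample files are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed lists for this example; tune them to your own mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
MAGIC = {".pdf": b"%PDF", ".zip": b"PK\x03\x04"}  # leading bytes of genuine files

def ext_of(name):
    """Lower-cased final extension, ignoring trailing spaces and dots."""
    name = name.rstrip(" .").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def inspect_attachment(filename, data):
    """Return the reasons an attachment looks like a disguised executable."""
    findings = []
    ext = ext_of(filename)
    if ext in EXECUTABLE_EXTS:
        findings.append(f"executable extension {ext}")
        stem = filename.rstrip(" .")[: -len(ext)]
        if ext_of(stem):  # e.g. "resume.pdf.exe"
            findings.append("double extension")
    if data[:2] == b"MZ":
        findings.append("Windows PE header (MZ)")
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        findings.append(f"content does not match {ext}")
    if data.startswith(MAGIC[".zip"]):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if ext_of(member) in EXECUTABLE_EXTS:
                        findings.append(f"archive contains executable: {member}")
        except zipfile.BadZipFile:
            findings.append("corrupt or truncated ZIP")
    return findings

def build_sample_zip():
    """Constructed sample: a ZIP holding one fake .exe (placeholder bytes only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("delivery_confirmation.pdf.exe", b"MZ placeholder, not a real program")
    return buf.getvalue()

if __name__ == "__main__":
    samples = [("statement.pdf", b"%PDF-1.4\n"), ("check_image.pdf", b"MZ\x90\x00"),
               ("resume.pdf.exe", b"MZ\x90\x00"), ("delivery.zip", build_sample_zip())]
    for name, data in samples:
        print(name, "->", inspect_attachment(name, data) or "no findings")
```

Any non-empty result is a reason to quarantine the message rather than deliver it; an empty result only means these particular checks found nothing.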