Booyah-Ransomware-copy

The National Fraud Intelligence Bureau (NFIB) recently warned of emails being sent by cyber criminals claiming to be from British Gas, Ministry of Justice and Home Office that contain TorrentLocker ransomware. See the article here http://www.actionfraud.police.uk/news/alert-virus-infected-emails-claiming-to-be-from-british-gas-ministry-of-justice-and-home-office-contain-torrentlocker-jul15

Reading this warning from Action Fraud prompted me to document my own experience with ransomware only a short while ago.

Our main business is web design, search engine optimisation and online marketing; however, my background is 10 years of IT support. Over the last 17 years of Team Discovery I have had to rescue many clients from virus and malware attacks. Of course, being an expert in this area, I didn’t think it could happen to my computer.

A short while ago my trusted old laptop was going really slow. I decided to switch off my anti-malware system to do some upgrades and try to speed it up. It had been 12 years since I was last infected, and that took 5 days to resolve; that was before we had the powerful anti-malware tools we have today. I didn’t think anything could happen to my laptop in a short time, as I am very careful what I click on and have a powerful hosted email scanning system from Symantec.cloud that identifies malware attachments and spam. However, that can’t stop malware delivered through malicious links. It wasn’t until I tried to open a spreadsheet that I discovered I had been “done”! Somehow, in the short period during which I had disabled McAfee on my old laptop, an encrypting malware got in – almost all my files were encrypted.

I was so lucky that I had my Outlook open, so the malware couldn’t encrypt its data file. My business accounts are hosted in the cloud, so they were not attacked. A .txt file was dropped in every directory demanding a $1000 ransom to decrypt the files if I paid within 1 day, rising to $3000 after that! I never give in to ransoms and was determined to recover without paying.

I have a rigorous schedule of backups and was fortunate to have full backups of my system from 2 days before, including a new, partially configured Windows 8.1 laptop standing by. I had been reluctant to switch, as I didn’t like the Windows 8.1 interface. As a result of this malware attack I was forced to switch to my new Windows 8.1 laptop and learn the quirks of Windows 8.1. After many frustrating hours of working with the new laptop, I now appreciate the benefits of Windows 8.1, including the touch screen.

The message from this story is:

Anti-malware will NEVER be switched off again, not even briefly and not even "just in case".

BACKUP, BACKUP, BACKUP, and ensure that backups are offline and not live-connected to any system; otherwise the backup can be encrypted or infected as well.

NEVER RELAX with malware – the fraudsters are getting increasingly clever and are finding new ways to attack business and personal users to collect revenue. Always hover over links before clicking on them to check that the link destination matches what you expect. If you are not sure, don’t click!
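The "hover over the link" check can also be applied mechanically to an HTML email before anyone clicks: collect every anchor, work out which host the visible text shows, and compare it with the host the href really points to. The following script is an added example written for this page, not code from the original post or its author; the email body it parses is constructed for the example, and the hostnames in it (example.com, login-example.invalid, the 203.0.113.5 documentation address) are placeholders.

```python
"""Flag links whose visible text disagrees with where the href actually points.

Added example, not part of the original post. It automates the "hover over the
link before you click" check: every <a> in an HTML mail body is collected and a
link is reported when the host shown in its visible text differs from the host
in its href. The sample email body below is constructed for this example.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collects (href, visible_text) pairs for every anchor in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []      # finished (href, text) pairs
        self._href = None    # href of the anchor currently open, if any
        self._text = []      # text fragments seen inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Return the lowercase host of a URL or bare domain, or '' if there is none."""
    value = value.strip()
    if "://" not in value:
        # Visible text is often a bare "www.example.com" or "example.com/path";
        # plain words such as "Click here" carry no host to compare against.
        first = value.split("/")[0]
        if "." not in first or " " in first:
            return ""
        value = "http://" + value
    host = (urlparse(value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def registrable(host):
    """Crude last-two-labels comparison so 'mail.example.com' matches 'example.com'."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def suspicious_links(html_body):
    """Return (href, visible_text, reason) for links whose text and target disagree."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        shown = host_of(text)
        actual = host_of(href)
        if shown and registrable(shown) != registrable(actual):
            reason = "text shows %s but link goes to %s" % (shown, actual)
            findings.append((href, text, reason))
    return findings


# Constructed sample: an honest link, two links whose text lies about the
# destination, and a "Click here" link that this check cannot judge at all.
SAMPLE_EMAIL = """
<p>Your bill is ready. View it at
<a href="https://billing.example.com/view">https://billing.example.com/view</a>.</p>
<p>Or sign in here: <a href="http://login-example.invalid/x">www.example.com/login</a></p>
<p>Secure portal: <a href="http://203.0.113.5/login">https://secure.example.com</a></p>
<p><a href="https://billing.example.com/help">Click here</a> for help.</p>
"""

if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL):
        print("SUSPICIOUS: %r -> %s (%s)" % (text, href, reason))
```

The last sample link shows the limit of this check: when the visible text is just "Click here", there is nothing to compare, and the reader still has to hover and read the destination themselves.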

I recently started looking at a potential new client’s website, and every time I tried to access the website AVG blocked the site as being infected by a virus. I asked one of my engineers to check the site, and his Avast also blocked it. However, Symantec Endpoint Security, which the client used in-house, wasn’t picking up the virus when they looked at the site. The implication for this client was that if his own clients didn’t have a good anti-virus/anti-malware scanner, he could be passing on a virus to them – not great for his clients – and yes, there are people out there running unsatisfactory anti-virus/anti-malware tools. As we were introduced to this client through another trusted business partner, we were given access to the back-end cPanel and identified that, despite the existing web developer having an AV tool installed on the site, they had ignored its warning messages. The site had the malware installed for some weeks and they did nothing about it. We were able to clean the site and ensure the integrity of the WordPress installation. Now we are taking over that website and have protected the reputation of this new client across the 34 countries that they work in.

If you are unfortunate enough to get infected by malware, do get in touch. Although our focus is on web design and marketing services, we have the cyber security skills to investigate and recover systems infected by malware (the exception being systems that have been encrypted and have no backup!).