Just when we thought we had seen the worst virus ever known – CryptoWall 3.0 – an infection even worse comes along.
CryptoWall-infected computers have all of their documents and pictures encrypted and held ransom by cybercriminals. You can’t open or use any of your files unless you pay their exorbitant ransom of hundreds of dollars in hopes they will decrypt your files. Since they’re criminals, there’s no guarantee they will honor their word after they’ve already pocketed your money.
This threat is very real. Two clients came to my office on the same day last week with the CryptoWall virus on their computers. One lost all of his files because he didn’t have any backups; the other recovered many of her files because she had a backup from a year ago.
While CryptoWall 3.0 is extremely difficult to prevent, it uses the old-style method of infecting your computer. You click on a link in an email or a website, you’re taken to a website that downloads the infection to your computer, and it automatically runs. Damage done.
But this latest strain of ransomware CANNOT BE PREVENTED.
What’s worse is that it’s attacking your computer from legitimate websites – like Photobucket.com, CBSSports.com, HuffingtonPost.com, Mapquest.com, Realtor.com, and many others.
These are websites that everyday computer users visit all the time.
Time Warner Cable customers, you’re exposed too, especially if you check your email on their website at mail.twc.com.
This latest threat, known as Fessleak, bypasses all antivirus software because it doesn’t install any files on your computer before it does its damage. It initiates a command to a process on your computer via your computer’s memory right from the hijacked website.
These cybercriminals create advertisements that get displayed on popular websites all over the Internet through ad distribution networks. They use intriguing subject lines to trick you into clicking on the ad.
Recent subject lines they’ve used include: “Grandma’s response to getting an iPhone for Christmas is hilarious” and “These are the Charlie Hebdo cartoons that terrorists thought were worth killing over.”
The subject line paired with a compelling photo summons your curiosity, which makes you click on the ad.
Within moments of clicking on the ad, a full screen message appears telling you that all your files are encrypted and you have to pay a ransom to get them back.
Your computer can also become infected in other ways – without you having to click on anything. The hackers use vulnerabilities in popular software – like Adobe Flash Player – installed on your computer to infect and destroy. Again, this goes undetected by antivirus software.
WHAT YOU MUST REMEMBER
Antivirus protection on your PC is a necessity.
BUT … NO antivirus software will prevent 100% of infections. And it will NOT protect against these latest, most destructive ransomware infections in the wild at all.
WHAT YOU MUST DO
First, you MUST religiously back up the important files on your computer.
An off-site backup is preferred. If you back up to an external hard drive or flash drive, you MUST disconnect it from your computer as soon as the backup is complete. Otherwise, these infections will destroy your backups, too.
Second, install Windows updates and updates for your other software programs as quickly as you can when they are released.
Third, install ad-blocking plugins for your web browsers to prevent advertisements from showing up on websites you visit. AdBlock Plus (adblockplus.org) is a good plugin to use.
Finally, be careful what you click on. Don’t let your curiosity get you in trouble.
The days of the safe Internet are long gone. Prevention is becoming increasingly difficult. Preparation for the inevitable is now what every computer user must do.