Tag Archives: Anti-Virus

Cryptolocker – A virus that holds your business on ransom

Over the past few days we have seen an increased spread of a dangerous ransomware virus commonly known as Cryptolocker. Anti-viruses have been UNSUCCESSFUL in detecting it, which is why we request your attention.

So what is a Crypto Locker virus?

Crypto Locker is a virus which essentially encrypts (or in other words locks) all commonly known file formats such as doc, xls, jpg, pdf, mp3 etc. on your computer, and on whatever your computer is connected to, with a military-grade encryption mechanism, making them unusable.
This means that if one of the employees in your business downloads this infection, the virus can potentially damage all files/folders that their PC is connected to, including network shares and files stored on the server, making them inaccessible for everyone else and essentially bringing the business to a complete halt.

The virus makers then ask you to purchase the decryption key to unlock the files and the price you pay depends entirely on how many files they have managed to encrypt. From what we have read and seen ourselves, it could be anywhere from $600 – $9000.
This is how your files will look once the infection has penetrated.

Example of Files infected by cryptolocker

And how do you get your files back if you did get infected?

If your files did get infected there are literally only 2 ways out. One is to pay the ransom (as shown in the picture below) via BITCOIN and hope that they do send you the decryption key.

Purchasing Decryption Software from Cryptolocker

The second is to ensure that you have a good backup and Disaster Recovery (DR) strategy in place to recover your files from. In the case of one of our clients, they could get their files back only because they had a good backup and DR system in place. If you have a single backup disk with no disk rotation strategy in place, the disk connected to the PC/Server at the time will also be infected with the virus.

If you don’t have a good backup and DR strategy in place, or are unsure if your backup system is regularly tested, contact us on 1300 978 938 to discuss your needs.

A virus that outsmarts Antiviruses

Our clients that were infected with this virus last week had their Antivirus protection up to date and yet their entire network got infected. Luckily for them they had a good backup system in place, which was set up by MULINK, due to which they only lost a few hours' worth of work.
When we downloaded the infected file ourselves and ran a check against 54 popular Anti-viruses in the market today, only 8/54 (i.e. 15%) picked the file as being infected. The results are shown in the picture below.

Scan results from various Antiviruses

This Crypto locker virus is outsmarting the antiviruses because it uses patterns and signatures that antiviruses cannot detect unless the file is reported to them. In the case of our clients, we reported the file and the website the infection came from to 3 antivirus companies and within 12 hours of us reporting this, the detection ratio had gone up from 15% to 65%.

Where does the infection come from?

The most common way we are seeing this virus spread is email phishing, i.e. the virus makers send you an email impersonating Paypal, Australia Post or a major bank. You are then redirected to their website, which looks exactly the same as these organisations' websites (picture below). Innocent users are then coaxed into downloading a file which, when downloaded and run, starts penetrating through the files on your PC, network shares, USB devices etc., making them unusable.

Example of Fake version of Australia Post Website

What can I do to prevent infection?

Do not open any email that looks suspicious. If in doubt, check with your IT consultants or the organisations the email supposedly originated from.
Australia Post and major banks have been warning people against opening such emails. Here is a warning issued by AUPOST last week – http://auspost.com.au/about-us/email-scam-warning-jul-2014.html
Secondly, refrain from downloading pirated movies/music/shows from BitTorrent or other such P2P websites.
And lastly, be aware. Spread the word by forwarding this to co-workers, friends and colleagues.

If you have any further questions/comments, post them below or contact our team on 1300 978 938


Is your IT Infrastructure at risk because of the Heartbleed bug?

On the 9th of April 2014, security researchers announced a security flaw in the popular data encryption standard, OpenSSL, that gives hackers the ability to extract all data from services that companies use every day. OpenSSL is basically giving you protection when you’re sending an email or chatting on IM by making the data that is sent look like nonsense to everyone except the intended recipient.

The Heartbleed bug effectively decrypts all information sent from server to client, and client to server, making it visible for hackers to see what you are sending. A lot of popular chat and IM sites that businesses use, such as Google (Gmail), Pinterest, Tumblr, Yahoo and more, could have been used to exploit this bug as they use OpenSSL.

How to protect yourself and your business from the Heartbleed bug.

What Mulink Technologies recommends:

– Change your password on Web-accessed software (Gmail, Yahoo, Hotmail, etc.)

– Do not use the same password on every website, and routinely change it (30 days)

– Implement password-saving software such as Password Safe.

If you or your company is re-using the same password across multiple websites, you could still be vulnerable to the Heartbleed bug.

Any good IT service provider will ensure that your company is safe against the Heartbleed bug. If that is not the case, you may want to re-think your IT and infrastructure needs and call Mulink Technologies on 1300 978 938.

Security Alert – eBay Hacked

This is to bring to your attention that eBay has requested all its users to urgently change their passwords after a security breach was identified on Wednesday.

Everyone should take this warning seriously and change their password as soon as possible. Further, if your PayPal account is linked to eBay, we would highly recommend changing its password too.

This has once again reminded us of the importance of having unique passwords for all your online accounts. Consider the implications if your password falls into the hands of a hacker who then has access to your email and bank accounts.

More details here – http://www.cnet.com/au/news/ebay-hacked-requests-all-users-change-passwords/