A new variant of the Cryptowall malware is now being spread across the Internet. Cryptowall malware is a program infecting computers, encrypting key files, and then offers the decryption tool if you pay a ransom. The ransom doubles every ten or so days.
The old version would leave your filenames in tact. The new version changes file names and extensions. As of now, anti-malware companies are updating to try to keep pace with the bad guys.
Like the prior version, this one is being transmitted through emails with a resume.zip extension. Soon, we will probably see infections in other vectors, too.
What should you do?
- Make sure you update your anti-virus and/or anti-malware applications today.
- Provide regular education to employees about avoiding incidents like these.
- Ensure your backup systems are working and you have tested the “restore” function.
- Contact your insurance agent to determine if you have coverage in the event your office is hit.
If all of this confuses you or you just need a hand managing the risk, call or email us. We’ll help you with the ransom, insurance, and risk review. We’ll even interface with your IT team!
Tech folks: see the full breakdown at http://bit.ly/1Op730H or if you want the full link: head to Hybrid Analysis.