June 6, 2016
New Ransomware Replicates Itself Says Microsoft
You’ve probably seen the joke email before. Something to the effect of, “If you don’t forward this message to six people within twenty-four hours, your teeth will fall out, your car will break down, and all the files on your computer will be deleted.”
Ransomware isn’t quite to that level yet, but it’s getting awfully close. Microsoft warned recently of a new strain of ransomware that not only locks and encrypts all your files, but also actively hides itself from the user, and can make copies of itself, so that it can spread to other machines via flash and network-connected drives.
When the software is unwittingly installed onto a user’s PC, it will scan for the presence of any flash/network drives and automatically copy itself to any that it finds, which really moves the needle in terms of threat level. Until now, as bad as ransomware is, all we’ve seen it do is infect a single machine. If these reports are accurate, and there’s no reason to think that they aren’t, it gives ransomware the ability to spread more like a virus, which means that a single impacted machine could put every computer on your network at risk.
The new strain of the software goes by the name “ZCryptor,” and in its current form, charges the infected user 1.2 BitCoin (about $500 USD) to decrypt their files. The price goes to 5 BitCoin if the ransom hasn’t been paid in four days, and after a week, the files are simply eliminated.
Microsoft advises any infected user to restore from backup, rather than paying the ransom, but the company seems skeptical of its own advice, given that some strains of ransomware also have the ability to delete backups, making such a restoration impossible.
If you are concerned about ransomware, our team can help. We can come up with a robust backup and security solution that can help prevent or recover from infection. Feel free to reach out to our team for more information.