Many people who use cloud computing, whether for storage or for actual computing, believe that because it sits off an actual “computer,” it is safe from typical viruses and malware. However, that is not the case. One of our favorite blogs, Krebsonsecurity.com, reported an interesting story about a company that had all its files on a cloud server seized by ransomware.
Apparently the problem started when an employee opened an email in Outlook that looked like an invoice. The attachment was malware, however, which then went on to cripple the company’s file system. All files had a .vvv extension, and there were “help.decrypt” files in all the folders, which were the hackers’ instructions on how to pay the ransom and unlock the files.
The good news was that the company did in fact have backups of all files, since the cloud server provider made daily backups, which are essential for any individual or company. However, the time they wasted restoring the files could definitely have been better used elsewhere. The cloud company also said that the malware infected other users on the same server.
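To scope a restore like the one described above, a defender can walk the share and list which folders carry the two indicators from the story. This is an added example, not code from Krebsonsecurity.com or the affected company; it assumes the .vvv extension is appended to the original file name and that note names begin with "help.decrypt", and the sample tree is constructed.

```python
import os
import tempfile

ENCRYPTED_EXT = ".vvv"        # extension reported in the story
NOTE_PREFIX = "help.decrypt"  # ransom-note name from the story (prefix match is an assumption)


def scan_share(root):
    """Return {relative_dir: {"encrypted": [...], "notes": [...], "clean": n}} for affected dirs."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        entry = {"encrypted": [], "notes": [], "clean": 0}
        for name in files:
            lower = name.lower()
            if lower.startswith(NOTE_PREFIX):
                entry["notes"].append(name)
            elif lower.endswith(ENCRYPTED_EXT):
                entry["encrypted"].append(name)
            else:
                entry["clean"] += 1  # untouched files hint that encryption was interrupted
        if entry["encrypted"] or entry["notes"]:
            report[os.path.relpath(dirpath, root)] = entry
    return report


def restore_list(report):
    """Original names to pull from backup (assumes the extension was appended)."""
    return sorted(
        os.path.join(folder, name[: -len(ENCRYPTED_EXT)])
        for folder, entry in report.items()
        for name in entry["encrypted"]
    )


def build_sample_tree(root):
    """Constructed sample share: one affected folder, one untouched folder."""
    layout = {
        "finance": ["q3.xlsx.vvv", "invoice.pdf.vvv", "help.decrypt.txt"],
        "public": ["readme.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits = scan_share(tmp)
        for folder, entry in hits.items():
            print(folder, len(entry["encrypted"]), "encrypted,", len(entry["notes"]), "notes")
        print(restore_list(hits))
```

Run it read-only against a mounted copy or snapshot of the share, and restore only after the infected machine is off the network.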
The malware itself was a strain of TeslaCrypt, which is not the best-written ransomware. A defect in the code has sometimes allowed security researchers and analysts to decrypt files without paying a ransom. There is even a program called TeslaDecoder, created by the forum users at Bleeping Computer, that can be used to decrypt files.
Ultimately, the best defense against ransomware and any malware is a set of daily backups. You can do this as an individual user by using an automatic cloud backup program such as Backblaze. Corporations will often need larger-scale solutions, so ask your IT professional about creating daily backups that are offsite or offline.
Another safeguard against malware is instructing your employees to be extra vigilant about emails with attachments. Instruct them to scrutinize who the email is coming from before opening attachments willy-nilly. Employees have to be careful, so instructing them about what to look for can be very helpful. Many people simply don’t know what to look for, and this is how malware often spreads.
Another reason that ransomware is spreading more prolifically now is the rise of “plug and play” ransomware crime syndicates. There is software that you can buy that enables you to start your own ransomware business by simply providing a bitcoin wallet for victims to pay the ransom. It’s called “ransom32” and it’s distributed in the internet underground. There is even a rudimentary control panel that enables you to see how many times the ransomware has been downloaded as well as how much has been paid to your account.
As a public service announcement, if anyone has been affected by ransomware, please refrain from paying the ransom as a gut reaction. There are a few programs out there that might be able to decrypt your files. Head on over to the Bleeping Computer ransomware section and see what they have available.