Addsum web site and general info

Postings here will focus mainly on Advanced Accounting software updates, tips, and related topics. They will also include general comments relating to troubleshooting PC/Windows/network problems and may also include reference to our other software products and projects including any of our various utilities, or to the TAS Premier programming language. We considered setting up separate blogs for different topics so that users/others could subscribe to topics mostly aligned with their interests, but decided that it would be better to keep things simple since some topics cross over into others. We would nonetheless welcome your feedback/input in this regard. Our web site URL is www.addsuminc.com. Call us at 800-648-6258 or 801-277-9240. We also maintain www.advancedaccounting.us so that older Business Tools users in particular have a greater chance to find us.

Follow

We highly recommend that accounting software users "follow" this blog via e-mail (enter your address and click on Submit below) or subscribe to a feed (see also below) as a way to keep current on the latest updates and accounting software news and information. You may also want to whitelist this e-mail address: noreply@blogger.com.

Follow by e-mail

Wednesday, October 15, 2014

CryptoLocker ransomware: educate your e-mail users before it is too late

Ransomware is not new but in the past year has entered into an entirely new era with the advent of the CryptoLocker virus. Just in the last two days in different parts of the country two of our accounting software users have encountered this virus and it has created havoc. Neither paid any ransom but rather were able to thwart the virus by taking fast action; nonetheless it caused an interruption in business of these users along with technical support expenses, and considerable angst.

Once a system is infected, the virus spreads very quickly and easily jumps around and onto shared network drives. On one system it jumped to a server drive from a client PC that only had basic, non-administrative user rights and within less than two hours had copied its ransom notice files into every folder on that drive. So any PC (or other device) connected to your network server could spread it.

Additional morphs of CryptoLocker have also recently appeared.

Your anti-virus program may not be able to detect CryptoLocker or its morphs. Therefore, it is critical to focus on the education of your end users NOT to click on links or open e-mail attachments from unknown, untrusted or suspicious sources that may be disguised in any number of ways.

It is not clear whether the virus is able to encrypt files that are in active use; but it does not seem to discriminate in terms of what files it goes after. One user's first notification was when a simple JPEG file could not be loaded and was essentially corrupted by the virus.

General background information about the CryptoLocker trojan can be found on Wikipedia.

A Virus Bulletin Ltd. blog mentions a recent tool that may be able to provide the decryption phrase in some circumstances as a result of a joint effort between FireEye and Fox-IT (the PDF maker). See:


Some further helpful technical details:


As is discussed in greater detail in a related blog, lack of end user awareness of potential serious infections as a result of careless e-mail use is a significant part of the problem. And hackers know this.

Recovery requires an off-line backup that was made prior to the infection. So in addition to strongly reminding end users about e-mail and related dangers, revisiting your backup strategies is also in order.