Sorry to inform you, but the Trick or Treat season hasn’t let up for some people out there, in spite of the changing decor, candy wrapping, and music playing on the radio.
OK, OK, how about Happy Hack-u-hahaha! That wasn’t funny, you say? Then how does Happy Crypto-a sound? Sorry, that’s still not right, and the reason it’s not right is that criminals have a very twisted idea of how to spend the holidays!
I’m going to talk to three people today. You can listen in, however, as you might learn something in the process and be that much safer this season as a result.
Webmasters! It’s time to check on the status of your websites! I’m serious. This particular Christmas lump of coal that I’m about to tell you about uses a password stealer to get into your FTP account so the criminal can inject infected code into your site. Now, this two-pronged method is not new. As a webmaster myself, I’ve had to deal with infected websites in the past already. One site got hit twice in the same year. We are on the front lines to prevent this current attack from spreading. If your FTP login is too simple, it’s high time you changed it. This is especially true if your website uses databases, such as WordPress, Drupal, and the ecommerce platforms out there. Those admin logins all need to be more than just a string of numbers as well. They ideally shouldn’t have “admin” as the username either. That’s the default, and it simplifies the criminal’s efforts to break in.
Network Administrators and IT staff! Yes, I’m looking at you next! If your place of employment still does NOT have an online or offline backup system in place, WHY NOT??!! Save your company the exorbitant ransom fee and get that data backed up twice per day! Secondly, have you ensured that all computers in your network are fully patched? If you don’t need Java running, is it?? Does every single machine have current and updated antivirus software installed?? It better! If your business gets caught with this current threat and loses data over it, guess whose head should be hung?!
Home users! Yes, now it’s your turn! Small business owners as well, look down here at this paragraph. Don’t ever think that “it won’t happen to me” or “I’ve been online for 20 years and never had a threat”. Because sooner or later, you’ll get bit, but hopefully not by this one! Make sure you have active antivirus updated and running on your computer. Be careful which websites you visit, and if your browser warns you about a threat, take it seriously and don’t insist on visiting infected websites. AVG has a feature that will turn your browser screen red if you try to visit an infected website. Thirdly, make sure you too are engaged in offline or online backups of your data. Failure to do so will cost you BIG time. A similar threat has already stolen the data of at least one of my clients over the past year, and I’d hate to see it happen to you as well.
The good news is that Cryptowall is relatively easy to remove once it’s on your system. The bad news is that your files remain permanently locked if you can’t afford to pay for the key to unlock them.
As researchers have said, we have criminals using password stealers to break into websites and deposit drive-by installations that, if visited, will install Cryptowall. You see, criminals understand the business concept of mash-ups just as well as webmasters and business startups do. Extortion, after all, is a workable form of business even if it is underhanded with nasty side-effects. The criminal doesn’t care about you; they only care about your identity and your cash.
So #1: Make sure your computer is fully patched.
#2: Make sure your antivirus is current and up to date.
#3: Make sure your backup system is working, and get one if you don’t have one.
Webmasters: Ensure your login information will make the password stealer bog down trying to break into your hosting account. When you learn your site’s been compromised, clean it up as fast as you can! You guys are on the front lines THIS time! Don’t have your visitors wanting to throw lumps of coal at you this Christmas.