Cryptolocker - Software Restriction Policies

As some have heard, there has been an outbreak of a new strain of viruses primarily known as "Cryptowall" or "Cryptolocker." These viruses are unique in that they not only inconvenience those whose computers are infected, but also encrypt all document and database file types in order to demand a ransom for their release. This means that personal and work documents are permanently encrypted with government-level encryption standards, with the secure key locked up on the hackers' servers. The only way to retrieve this key and restore the documents is to pay the ransom, unless measures have been put in place to prevent the propagation of the virus and adequate backup procedures ensure that all documents can be restored in the case of an attack.


One of the methods Northridge IT Services is using to help prevent this type of outbreak is to roll out Microsoft Group Policy software restriction policies, which restrict executables from running from certain system locations on the hard disk where these viruses are known to spawn. As this type of application blocking can sometimes affect legitimate applications, time is required to fully iron out all conflicts while maintaining a high level of security. Any additional applications that are installed, or updates that do not complete properly, should be referred to the helpdesk so that these can be remedied as soon as possible. In addition, new firewalls that scan all incoming downloads and filter out all web ads will begin to be deployed at SMB and enterprise sites. This will help ensure that these viruses do not reach the endpoints in the first place. Anti-virus with centralized management will also begin to be rolled out at these sites.


Further information about the Cryptolocker strain of viruses can be found in the attachments below.
