We’ve talked before about a particularly nasty strain of malware known as ransomware – a programme that ‘locks’ your files and only allows access once you pay a fee. Ransomware is very difficult to detect and get rid of, and paying the fee usually won’t work either – it will simply lock up again the next time you start your computer. But now there’s a new strain of ransomware on the block – and for a lot of business owners it’s their worst nightmare. Instead of revoking access to your files, this virus threatens to publish your files to the Internet if you don’t pay up.
This new type of ransomware, named ‘Chimera’, is a new twist on the old staple of ransomware viruses. Instead of locking away your files and threatening to delete them, it locks your files and threatens to publish them to the internet if you don’t pay the ransom. The ransom demanded through this virus can be anything from £200 to £10,000, and Chimera seems to be targeted at businesses rather than personal files. Here’s how it works:
Hackers send a series of infected emails out to specific employees within the organisation they are trying to hack. The prime targets for these are finance and HR departments as well as high-up executives. These emails will be masquerading as a job application or business offer from a client or supplier. The email contains a link to a malicious file hosted on Dropbox. Once the link is clicked, the machine is instantly infected with Chimera.
Once Chimera has infected a machine it will get to work encrypting all the local files it can find. The user at this point is unaware they have been infected, and will continue as usual. After the next reboot of the machine, the screen will display a simple ransom note explaining that all documents have been encrypted and the machine locked, and demanding a sum of money to provide the encryption key. All fairly standard ransomware stuff. But here’s the twist – the ransom note also says that if the money isn’t paid, all files will be uploaded and published online, and promoted for the world to see. For many businesses or departments that handle sensitive information, this is very bad news and poses a monumental risk.
Unfortunately, if you haven’t backed up your files regularly you could be in big trouble here. The key to preventing data loss if you are infected with ordinary ransomware is to keep regular backups. This is because the hackers will threaten to delete your files if you don’t pay up, so having a backup provides you with a level of protection. However, because this ransomware has turned the idea on its head, it’s more about prevention than removal. Ensuring you have a strong and resilient anti-virus programme installed both on your individual machines and your network is essential, as this will likely catch things before they get through. Education for all employees around the dangers of opening unknown emails will also go a long way – with a particular emphasis on not opening unexpected attachments, especially from unfamiliar email addresses. There isn’t any official advice for how to handle a ransomware attack by Chimera, so at the moment the focus should be on shoring up your defences and staying protected. After all – deleted data is easy to fix, but leaked sensitive data is not.
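The delivery pattern described above (external mail to HR, finance or executives, posing as a job application or business offer and linking to a file on Dropbox) can be checked at the mail gateway before a user sees the link. The following is an added example, not part of the original article; the internal domain, the watched mailbox names and the two sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed values for illustration; none of them come from the article.
INTERNAL_DOMAIN = "example.co.uk"
WATCHED_MAILBOXES = {"hr", "finance", "accounts", "director"}
FILE_HOSTS = ("dropbox.com",)
LURE_WORDS = re.compile(r"job application|business offer", re.I)
URL_HOST = re.compile(r"https?://([^/\s\"'<>:]+)", re.I)

def triage(raw: str) -> set[str]:
    """Return the lure indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    found = set()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender.rpartition("@")[2] != INTERNAL_DOMAIN:
        found.add("external-sender")
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if any(addr.lower().partition("@")[0] in WATCHED_MAILBOXES for _, addr in rcpts):
        found.add("targeted-mailbox")
    body = ""
    for part in msg.walk():  # collect every text part, plain or HTML
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    hosts = {h.lower() for h in URL_HOST.findall(body)}
    # Match the host itself or a true subdomain, not a lookalike prefix.
    if any(h == f or h.endswith("." + f) for h in hosts for f in FILE_HOSTS):
        found.add("file-host-link")
    if LURE_WORDS.search(msg.get("Subject", "") + " " + body):
        found.add("lure-wording")
    return found

def should_hold(found: set[str]) -> bool:
    # Hold for review: external mail linking to a file host, plus one more indicator.
    return {"external-sender", "file-host-link"} <= found and len(found) >= 3

# Constructed sample messages (not real traffic).
LURE = ("From: Applicant <applicant@mail.example.net>\nTo: hr@example.co.uk\n"
        "Subject: Job application\n\nDocuments: https://www.dropbox.com/s/PLACEHOLDER/cv.zip\n")
INTERNAL = ("From: colleague@example.co.uk\nTo: finance@example.co.uk\n"
            "Subject: Q3 figures\n\nSheet: https://www.dropbox.com/s/PLACEHOLDER/q3.xlsx\n")

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("internal", INTERNAL)):
        found = triage(raw)
        print(name, sorted(found), "HOLD" if should_hold(found) else "deliver")
```

Held messages are candidates for manual review rather than automatic deletion, since legitimate applicants and suppliers also share files this way.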
Protection, anti-virus and basic security training is something we at All Your Computers specialise in. So if you need some help to bolster your defences, need a review to find any holes or don’t have anything in place yet, get in touch with us today and we can ensure your business is secure.