Another Ransomware Surprise And This One Is A Beast

As if we all didn’t have a ton of real work to do, I just got a heads up note from Varonis that there is a nasty new Ransomware virus running around called Zcrypt and, if you catch it, it will cost you $542 to get your files back.  This little puppy is particularly tenacious as it copies itself onto any connected storage device or service.  That is network shares and USB drives.  So if another person uses that drive or that network share they get this nasty virus which behaves like a worm and they are out $542 per PC.  

For folks running Varonis’ solution there are a few easy steps to at least contain this thing and locate the sources so they can be eliminated and accounts locked preventing the spread of the damned thing.   

Mitigation

Now what makes Zcrypt particularly nasty is this Virus aspect it has, typically someone has to trick you into installing Ransomware but with this and an increasing host of virus like Ransomware you may just have to hit the wrong web page or file share.  

First to prevent this kind of attack make sure auto run is turned off on all of your computers.  That should significantly slow the spread of something like this and once again remember to avoid .zip and .exe files that come to you in email like the plague as they likely are containers for malware. 

In addition, make sure web filters are set to block untrustworthy links and email is set to block messages that are untrustworthy as well (I run two email filters myself). 

And backups are your friend but remember if you back up an encrypted file it may overwrite your good file and the remote backup site could become infected so having a local backup as well might be prudent for stuff you can’t afford to lose. 

Obviously having a good anti-virus product and a monitoring product like Varonis is critical to protecting against attacks.  

In addition, you can get insurance for Cyber Attacks and that might be a wise thing to pick up if you are a business.   

At The Heart Of The Problem

At the heart of this problem is the combination of Bitcoin which is used to safely pay these blackmailers and a lack of capability to go after them.  Many are located in Eastern Europe where malware is legally sold and only punishable if you are caught using it in country.   There have been a number of efforts to go after some of the largest offenders but even law enforcement agencies have had to pay the ransom.   

Until this gets corrected this problem isn’t going away any time soon. 

Wrapping Up:  This Is Just The Start

I’m convinced that it will take an unusually aggressive effort by a group of countries before this kind of threat can be properly addressed.  I also expect that eventually one of these viruses will go too far and illicit a military response.  Until then you need to take this risk seriously and make sure your kid’s computers as well as your own have as much protection as you can give them because one infected machine can now infect others and the outcome for your business or school project could be disastrous.