Take Extra Care with Suspicious Emails

An old threat has resurfaced it is called Cryptowall

CryptoWall is a sophisticated ransomware program that encrypts the victims’ files with a strong cryptographic algorithm. Users are asked to pay the equivalent of $500 in bitcoin virtual currency in order to receive the decryption key that allows them to recover their files.

  • Since the emails are originating from spoofed email accounts, educate your users on checking the senders of the e-mails and verify the legitimacy of the sender
  • Block traffic to above domains at your network perimeter devices
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources
  • Remind users to be cautious when clicking on links in emails coming from trusted sources
  • Remind users not to download suspicious or unauthorized programs
  • Ensure anti-virus is installed and definitions are up to date
  • If infected with CryptoWall, remediate the infection via antivirus. Following the remediation, restore any encrypted files from backup or system restore points and volume shadow copies.

Not all businesses have a server, however another useful configuration which helps against attack is to always use an operating system still supported by Microsoft (Windows 7 onwards) and have one normal user account for everyday work which cannot install software and a second account with administrator rights. With this configuration when a program tries to make a change to the operating system you are alerted.

Comments

  • Veeramani, Thu, 09/22/2016 - 18:08:

    Testing for comment types.. It's working fine.. Awesome..!!!

  • Trotman, Thu, 09/22/2016 - 19:00:

    Testing comments are working good and nice..

Leave a Reply

CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA

Enter the characters shown in the image.