An old threat has resurfaced: it is called CryptoWall
CryptoWall is a sophisticated ransomware program that encrypts the victims’ files with a strong cryptographic algorithm. Users are asked to pay the equivalent of $500 in bitcoin virtual currency in order to receive the decryption key that allows them to recover their files.
- Since the emails originate from spoofed email accounts, educate your users to check the sender of each email and verify the sender's legitimacy
- Block traffic to above domains at your network perimeter devices
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources
- Remind users to be cautious when clicking on links in emails coming from trusted sources
- Remind users not to download suspicious or unauthorized programs
- Ensure anti-virus is installed and definitions are up to date
- If infected with CryptoWall, remediate the infection via antivirus. Following the remediation, restore any encrypted files from backup or system restore points and volume shadow copies.
Not all businesses have a server. However, another useful configuration that helps against attack is to always use an operating system still supported by Microsoft (Windows 7 onwards), with one normal user account for everyday work, which cannot install software, and a second account with administrator rights. With this configuration, when a program tries to make a change to the operating system, you are alerted.
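One way to check a PC against the two-account configuration described above. This is an added example, not part of the original advisory; it assumes Windows PowerShell 5.1 or later (for `Get-LocalGroupMember`), and the function name `Test-DailyAccountSetup` is hypothetical. It only reads settings and changes nothing.

```powershell
# Added example: read-only audit of the "standard account + separate admin account" setup.
# Assumption: Windows PowerShell 5.1+; run it from the account used for everyday work.
function Test-DailyAccountSetup {
    $findings = @()

    # 1. Is the everyday account a direct member of the local Administrators
    #    group? S-1-5-32-544 is the group's well-known SID, so this works on
    #    any display language. Membership via nested domain groups is not resolved.
    $me = [Security.Principal.WindowsIdentity]::GetCurrent()
    try {
        $adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
            ForEach-Object { $_.SID.Value })
        if ($adminSids -contains $me.User.Value) {
            $findings += "'$($me.Name)' is a local administrator; use a standard account for everyday work."
        }
        if ($adminSids.Count -eq 0) {
            $findings += 'No members found in Administrators; a separate admin account is needed.'
        }
    } catch {
        $findings += "Could not read the Administrators group: $($_.Exception.Message)"
    }

    # 2. Is User Account Control on, so that changes to the operating system
    #    raise a prompt instead of happening silently?
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $uac -or $uac.EnableLUA -ne 1) {
        $findings += 'UAC is disabled (EnableLUA is not 1); no alert is shown when a program changes the system.'
    }
    # ConsentPromptBehaviorAdmin = 0 means administrators elevate without any prompt.
    if ($null -ne $uac -and $uac.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'Administrators elevate without prompting (ConsentPromptBehaviorAdmin = 0).'
    }

    return $findings
}

$result = Test-DailyAccountSetup
if ($result.Count -eq 0) {
    Write-Output 'OK: everyday account is not an administrator and UAC prompts are enabled.'
} else {
    $result | ForEach-Object { Write-Output "FINDING: $_" }
}
```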