UK Oracle User Group


Cryptowall, USBs, emailed malware and "honor among thieves"

4 November 2015

I'm sure many of you have heard recently of the rising prevalence of ransomware, particularly Cryptolock/Cryptowall, and the growing prominence of walk-in Bitcoin exchanges and Buttonwood meetups. Cryptowall is a case in point: it is spread mainly by infected email and "found" or shared USB memory sticks.

What is CryptoWall?

https://www.pcrisk.com/removal-guides/7844-cryptowall-virus

The CryptoWall ransomware virus infiltrates users' operating systems via infected email messages and fake downloads (for example, rogue video players or fake Flash updates). After successful infiltration, this malicious program encrypts files stored on users' computers (*.doc, *.docx, *.xls, *.ppt, *.psd, *.pdf, *.eps, *.ai, *.cdr, *.jpg, etc.) and demands payment of a $500 ransom (in Bitcoins) to decrypt them. Cyber criminals responsible for releasing this rogue program ensure that it executes on all Windows versions (Windows XP, Windows Vista, Windows 7, and Windows 8). CryptoWall ransomware creates HELP_DECRYPT.PNG, HELP_DECRYPT.HTML and HELP_DECRYPT.TXT files within each folder containing the encrypted files.


"Note that at time of writing, there were no known tools capable of decrypting files encrypted by CryptoWall without paying the ransom." 12 September 2015 
==============================

 

There is generally no good business reason why typical corporate workstation/laptop users should:
- have local administrator access
- have USB ports enabled
- need to open office productivity documents containing macros

These features should be disabled.

My "honor among thieves" statement relates to the tendency, as observed, that payment of the "ransom" in Bitcoins has been the only current successful way of retrieving the encrypted data/disks. The alternative is frequent backups.
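
The quoted description says CryptoWall leaves HELP_DECRYPT.PNG, HELP_DECRYPT.HTML and HELP_DECRYPT.TXT in every folder it encrypts, which gives a simple way to scope the damage before restoring from backup. The following is an added example, not code from the original post: it walks a directory tree, lists the folders holding those notes, and reports the earliest note timestamp. The function names, the sample tree and the use of a note's modification time as an approximate encryption time are assumptions.

```python
import os
import tempfile
from datetime import datetime, timezone

# Ransom-note names listed in the quoted description, compared case-insensitively.
NOTE_NAMES = {"help_decrypt.png", "help_decrypt.html", "help_decrypt.txt"}

def find_affected_folders(root):
    """Return {folder: earliest ransom-note mtime (UTC)} for folders under root."""
    affected = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in NOTE_NAMES:
                continue
            try:
                mtime = os.stat(os.path.join(folder, name)).st_mtime
            except OSError:
                continue  # note vanished or is unreadable; skip it
            # Assumption: the note's mtime approximates when the folder was hit.
            stamp = datetime.fromtimestamp(mtime, tz=timezone.utc)
            if folder not in affected or stamp < affected[folder]:
                affected[folder] = stamp
    return affected

def restore_cutoff(affected):
    """Earliest note time overall; pick a backup taken before this moment."""
    return min(affected.values()) if affected else None

def build_sample_tree(root):
    """Constructed sample data: two folders with notes and one clean folder."""
    layout = {
        "finance": ["budget.xls", "HELP_DECRYPT.TXT", "HELP_DECRYPT.HTML"],
        "design/logos": ["logo.psd", "Help_Decrypt.png"],
        "clean": ["notes.doc"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            with open(os.path.join(root, sub, n), "w") as fh:
                fh.write("constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits = find_affected_folders(tmp)
        for folder, stamp in sorted(hits.items()):
            print(f"{stamp.isoformat()}  {folder}")
        print("restore from a backup taken before:", restore_cutoff(hits))
```

File timestamps can be altered, so treat the reported cutoff as a starting point and confirm it against the contents of the backup you restore.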

Source: PeopleSoft Technology Blog
