Keep up to date with our newsletter
Recently we have noted infections also come in via a download from a web page. This may be a link from a spam Email or a link on a page you are browsing.
Typical Email infections may come in the following forms:-
A ZIP file attached to an email message contains an executable file with the filename and the icon disguised as a PDF file, taking advantage of Windows' default behaviour of hiding the extension from file names to disguise the real .EXE extension. It could be contained in an Email which claims to have any of the following. (this is by no means an exhaustive list).
This macro is written in Visual Basic and once the document is opened it will download the malware from the WWW directly to the user’s machine. If you open a word document and get a message the same or similar to the below message you should be VERY suspicious about it and it would be best to contact your IT provider.
When first run, the payload installs itself in the user profile folder and adds a setting to the computer that causes it to run on startup. It then attempts to contact one of several designated command and control servers on the Internet; once connected, the server generates an encryption code and sends that back to the infected computer.
Whichever form it comes in, once the payload executes, it may attempt to send an email to all contacts in your Outlook contact list with the infection in it. Then it encrypts files across local hard drives and mapped network drives. Once completed, the payload displays a message informing the user that files have been encrypted, and demands a payment through an anonymous pre-paid cash voucher. Payment of the ransom allows the user to download the decryption program, which is pre-loaded with the user's private key.
PLEASE, PLEASE, PLEASE, relay to your staff how UNSAFE it is to open ANY document you are not expecting, even if it says it comes from a known source.
If activated on your system, CryptoLocker and all its variants will encrypt ALL common files that the users workstation has access to, this includes:-
It does this very fast, we have seen it encrypt approx. 110,000 files in under 20 minutes. It is hit and miss if your Firewall, Antivirus, User Policy Restrictions or Email filtering software will filter out the infection. New Variants of this virus are written all the time and some of the variants seem to get caught and some do not.
The following are examples of some of the Emails used to deliver the Virus.
The most recent was the below Email: Yesterday 30/06/2015
You will still find these older infection types also doing the rounds…
Kia Ora ,
Kindly find attached the Payment copy that was transferred to your account and let us know when the shipment will commence.
Margaret C. Sykes
Sales/GM of Export
King- Stone Trading Limited | 105 Hanover Street | PO Box 5743 | Dunedin | New Zealand
Phone: +64 3 471 8730 Facsimile: 64 3 430 8771
You will be DOUBLY at risk of this virus if your staff have access to their WEB based email such as Gmail from a work computer because it can infect in the same way from this source also.
If you are a Focus client with a monitoring plan, Focus will be checking the backups each morning. If you are not then this task is completely up to YOU.
If you do get infected with this virus and you have GOOD BACKUPS, there is still a significant amount of time required to put things right. Backup files can be encrypted too, make sure your backup routine is right by talking to your IT provider.
If you are unsure or have any queries you should call your IT Provider. It’s much better to try to help prevent this than infection than to have to tidy up afterwards!
Focus looks after us well. They are conscious that we are a not-for-profit organisation and they consistently bring best-fit, personalised and cost effective - not cheap - solutions to the table.Sport Southland
Focus ensures they’re always working smarter. Their greatest contribution is in keeping Presbyterian Support Service’s current. Focus keeps us informed and advises us on what we should be considering and how to get there.Presbyterian Support Southland
I have enjoyed attending the EXO User Community Workshops and find them very helpful. The group is a valuable resource that provides a great opportunity to discuss issues and solutions with other users. It is also great to learn about new products and features available, and promotes continual improvements which make our use of EXO easier and more efficient.Graeme Laughton-Mutu, Award Plastics
For high quality IT Services, Software Development, Accounting Business Software services I would highly recommend Focus Technology Group and their team who have always gone over and above to deliver me outstanding results.Mark Lovell, Real Journeys
Focus Technology Group provides support for our EXO system which we use for general ledger, stocks and payments. This has required significant customisation and refinement, in particular to accommodate payments to suppliers. We appreciate the services of Alex Ball who has always risen to the challenge of developing changes to the basic EXO package and has proven himself to be timely, accurate and very capable over a long period.Ross M Chambers, General Manager, Provelco