ManageWatch has seen a resurgence of a malicious virus known as CryptoLocker in the past few weeks. This alert will help you become aware of what CryptoLocker does and how you can help prevent an attack that could destroy your data.


CRYPTOLOCKER RANSOMWARE VIRUS

The CryptoLocker virus is ransomware that gets into your PC through a downloaded file attachment and encrypts all your personal files and data, then holds the data hostage for ransom. The infected user is given a 72-hour window to pay the ransom, or the private encryption key will be destroyed and the files will remain locked.

WHAT TO DO IF YOU ARE INFECTED

When you discover that a computer is infected with CryptoLocker, the first thing you should do is disconnect it from your wireless or wired network. This will prevent it from further encrypting any files. Some people have reported that once the network connection is disconnected, it will display the CryptoLocker screen.

Contact your IT department or professional immediately
Contact ManageWatch Support | 877-857-5989

If you work on it yourself you should know…

It is important to note that the CryptoLocker infection spawns two processes of itself. If you terminate only one process, the other will automatically launch it again. Instead, use a program like Process Explorer: right-click the first process and select Kill Tree. This will terminate both at the same time.

HOW DO YOU BECOME INFECTED WITH CRYPTOLOCKER

This infection is typically spread through emails sent to company email addresses that pretend to be customer-support-related messages from Fedex, UPS, DHS, etc. These emails contain a zip attachment that infects the computer when opened. The zip files contain self-starting files that are disguised as PDF files; they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since email usually does not show extensions by default, they look like normal PDF files and people open them.
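A mail gateway or help desk can check zip attachments for this naming trick before anyone opens them. The following Python sketch is an added example, not part of the original alert; the extension lists and function names are assumptions, and the sample archive is constructed in memory with harmless placeholder content.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will run on double-click (assumed list, extend as needed).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document extensions commonly placed in front of the real one as a decoy.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def classify_name(name):
    """Return 'disguised', 'executable' or None for one archive member name."""
    # Archive names may use either separator; keep only the final component.
    base = PurePosixPath(name.replace("\\", "/")).name.strip().rstrip(".")
    # Strip padding so "form.pdf      .exe" is still recognised.
    suffixes = [s.strip().lower() for s in PurePosixPath(base).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "disguised"   # e.g. FORM_101513.pdf.exe
    return "executable"      # e.g. FORM_101513.exe


def scan_zip_attachment(data):
    """Inspect zip bytes without extracting; return [(member, verdict), ...]."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                verdict = classify_name(info.filename)
                if verdict:
                    findings.append((info.filename, verdict))
    except zipfile.BadZipFile:
        # Unreadable or malformed archives deserve a manual look.
        findings.append(("<archive>", "unreadable"))
    return findings


def _constructed_sample():
    """Build a harmless in-memory zip; member contents are placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("FORM_101513.pdf.exe", "FORM_101513.exe", "invoice.pdf"):
            zf.writestr(name, b"constructed sample, not a real program")
    return buf.getvalue()


if __name__ == "__main__":
    for member, verdict in scan_zip_attachment(_constructed_sample()):
        print(f"{verdict:10} {member}")
```

Any finding is a reason to quarantine the message; legitimate customer-support mail has no need to ship an executable inside a zip.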

For more in-depth information on CryptoLocker, its origins and what it does, you can view Bleeping Computer’s in-depth guide to CryptoLocker here: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information


THE HEARTBLEED BUG

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.

(What is OpenSSL? Visit the official website for OpenSSL for more information: https://www.openssl.org/)

This weakness allows easy access to and theft of the information that is normally protected by the SSL/TLS encryption used to secure the internet. SSL/TLS is a protocol that provides communication security and privacy over the internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the internet to read the memory of systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users without anyone knowing.

This means that username/password combinations for the sites everyone considered secure may actually have been hacked and stolen, and should be treated as such from this point on, because there is no way to know otherwise until it’s too late.

WHAT YOU CAN DO NOW TO PROTECT YOURSELF

As long as the vulnerable version of OpenSSL is in use, it can be abused. A fixed version of OpenSSL has been released and now it has to be deployed. Operating system vendors and distributions, appliance vendors, and independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.

1. TEST EVERY WEBSITE YOU VISIT FOR HEARTBLEED VULNERABILITY

There are now several options for users to test a website’s vulnerability to the Heartbleed bug. We’ve included two below that are being widely adopted to check if the OpenSSL for that particular website has been patched.

Heartbleed test | http://filippo.io/Heartbleed/
Heartbleed Checker | https://lastpass.com/heartbleed/

2. CHANGE ALL YOUR PASSWORDS ON SITES THAT HAVE BEEN PATCHED

Change all your passwords on websites that have been patched for the Heartbleed bug AFTER you test the website and see if it is up to date. If you change your passwords on a website that DOES NOT have the patch for Heartbleed, it is highly recommended that you check that website often and change the passwords AGAIN when the site is patched.

3. DO NOT USE THE SAME PASSWORDS AT TWO SITES THAT MATTER TO YOU

Do not ever use the same password at two sites that matter to you. Heartbleed or not, this lowers the security level of any site with that password to the level of the least-secure site where you’ve ever used it. A chain is only as strong as its weakest link; don’t chain your passwords together.

4. USE A PASSWORD MANAGER TO GENERATE DIFFICULT AND UNIQUE PASSWORDS

Use a password manager, which can generate an unlimited set of unique, “difficult” passwords and remember them for you.

5. USE TWO-STEP VERIFICATION PROCESSES WHEN AVAILABLE

Use “two-step” sign-in processes wherever they’re available, such as on Gmail.

Due to the increasing public awareness of this bug, articles detailing the Heartbleed bug, its origins and what it means for internet security in the long run have surfaced all over the internet.
You can read more about the Heartbleed bug on the master site, including its extensive list of Frequently Asked Questions and answers regarding what is being leaked, how it’s being leaked, and processes of possible recovery from such leaks: http://www.heartbleed.com