Ah, that would be $1,058 Australian, of course.
I was momentarily excited that three bitcoins was worth that much (I've still got a few laying around). No such luck.
Cryptowall attackers are smashing businesses in the Australian state of Queensland, according to the owner of a Townsville sex shop which has paid $1,058 to ransomware attackers to have its files unlocked. The third iteration of the dangerous ransomware hit Sweethearts, which describes itself as Queensland's oldest sex shop, …
It wouldn't matter. This sounds like spear phishing as the infected e-mail looked convincingly like business correspondence (an application), which meant the only way to be sure is to see it, and since the mere seeing of it can trip the exploit...
And yes, HTML is becoming more and more necessary for e-mail as there are some things that just can't be conveyed easily through variable text that can appear any sort of way at the other end. Now, if e-mail clients were restricted to low-version HTML and no remote components, we can still enjoy most of the cake.
Seek job applicants come in on emails that contain no HTML at all. They are plain text with 2 links in them back to the Seek page with the CV and cover letter attached (if the applicant decided to send one). It would be very very easy to bodge something that looks identical.
I doubt very much that just seeing the email will trigger the exploit. More likely the attached files were really .zip or .exe and were run.
This sounds like the major break that computer manufacturers have been dying for. The old "you need to use a spare computer" trick. I wonder if it will ever catch on before the industry dies or will people start using old mobile phones and bury it?
Oohhh. What if they create separate accounts and use them with different user sign in identities?
That's it, I am selling all my IBM shares. Anybody want to buy some?
Clearly, there aren't decent ones in the area.
Apparently not and not just for that howler either.
It seems that a number of small businesses have saved $300 on a NAS and $300 on a bit of tech advice to run their backups..... then are whining that their tightfisted approach to what appears to be a business critical system has cost them $1000.
Shocking approach to IT.
Must be a hell of an exploit to be able to execute code from a preview pane and get out into the wider system.
Seriously, is that even possible these days? I haven't seen a remote execution on preview for Outlook since about '04. I suspect what has happened is they have received a file called resume.docx.exe or something similar and run it.
Resume.doc.exe? No, my logs are just full of incoming Resume.doc and Resume.zip. Nothing complex, like a double extension. But I am using Eudora here. HTML is only enabled when I request it enabled -- on a message by message basis. And the ZIPs get sent to 7-Zip by default, not Windows.
"Must be a hell of an exploit to be able to execute code from a preview pane and get out into the wider system."
Nah, all of these things I've seen are just an executable attachment masquerading as a document. Ten will get you twenty he opened an attachment named resume.exe or something similar.
4 words - backup, backup, backup daily!
And do that to an off-line device, not the cloud. Cloud services can be compromised. Get a 2-3TB SATA or USB 3.0 disc, and backup all your data there daily. Myself, I do a system bit-image backup of the system drive so I can restore the entire operating system if necessary, and bit-image backups of the data drives. These can be easily compressed when doing the backup to take less space than the original drives. If you don't, then you are subject to this sort of ransomware.
Next thing that will happen, if it doesn't already, is that this kind of malware will just sit there, hidden, for a month or two, and then activate. Even if you have a backup regime with sufficient generations that you can re-create an uninfected system, and you have a way to tell, your business data will be rather fscked.
"Get a 2-3TB sata or usb 3.0 disc, and backup all your data there daily."
A reasonable idea as long as A) this is enough and B) you have the time and patience to do this.
A 1TB backup would take around an hour to complete each day and this doesn't include the time required to test the validity etc. If you are a business which pretty much runs on emails, purchase orders and contracts this will probably be enough (especially if you only backup diffs) but if you need to back up any types of content then you might discover 3 TB is insufficient pretty quickly.
I agree it needs to be off-line as if the device is connected at the time the ransomware is running, you can say bye bye to all the backed up data as well.
"4 words - backup, backup, backup daily!"
And fer Christ's sake don't give users write access to the backup. There are good reasons why all those Unix (and its bastard offspring) systems have a dedicated backup user...
And don't rely on a single copy, keep a historic copy or two. Storage is cheap, a lot cheaper than the ransom.
> state and federal police along with the federal Australian Cybercrime Online Reporting Network is unable or unwilling to help.
Clients of *Net scum* should be happy to know that their generous donation is funding the black ops of allied nations and their death squads. Every time you decrypt a file a child dies in Syria / Iraq / Libya / Sudan / Donbass / Yemen. The only other possible conclusion is that the 5-eyes intelligence services are all smoke and mirrors, a threat rather than a value, completely useless at protecting anything. I'll go for the state sponsored terrorism theorem as more likely.
Lots of people think they make "backups"
What did they miss:
1) Archives
a) Tax office wants something from X years ago
b) Boss needs a customer file from long ago
c) How did we work through this type of problem in the past?
2) Near line backup
a) "Oops, I deleted my report for a customer"
b) PFY just doesn't understand how to configure something so it's rollback time
3) Disaster recovery
a) File server raid card died and we can't get one that talks to the existing disks anymore
b) The building burned down
c) The crazy guy in development was sacked and now all the files are funny
d) Synolocker is running on the sales XP box
I see a lot of attachments at the mail server here every day with names like resume.doc.scr - to the average luser this looks like a resume and when they open it the file just appears to close and they figure that the poor sucker sent them an empty document.
Currently I'm seeing about five .scr files to every .exe or .doc/.xls infected file although JavaScript nuggets are becoming more popular. I block them all at the mail server.
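The attachment-name screening the comment above describes (resume.doc.scr and friends blocked at the mail server), written out as an added example; this is not the commenter's filter, and the extension lists and the sample attachment names are constructed for illustration:

```python
import os
import re

# Extensions Windows executes directly when double-clicked (assumed list).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd",
                   "js", "jse", "vbs", "vbe", "wsf", "hta"}
# Extensions a recipient reads as a harmless document.
DOCUMENT_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "txt", "rtf"}
# Containers that may carry the above; scan rather than decide on the name.
ARCHIVE_EXTS = {"zip", "rar", "7z"}


def classify_attachment(filename):
    """Return (verdict, reason) for one attachment filename.

    verdict is 'block', 'inspect' or 'allow'. A double extension such as
    resume.doc.scr is reported separately from a bare resume.exe so the
    mail log shows which trick was used.
    """
    name = os.path.basename(filename.strip())
    # Collapse whitespace padding used to push the real extension off-screen.
    name = re.sub(r"\s+", " ", name)
    parts = name.lower().split(".")
    if len(parts) < 2:
        return "allow", "no extension"
    exts = [p.strip() for p in parts[1:]]
    final = exts[-1]
    if final in EXECUTABLE_EXTS:
        if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS:
            return "block", f"executable .{final} disguised as .{exts[-2]} document"
        return "block", f"executable attachment (.{final})"
    if final in ARCHIVE_EXTS:
        return "inspect", f"archive (.{final}); scan contents before delivery"
    return "allow", f"document (.{final})"


# Constructed sample, not real mail-server data.
SAMPLE_ATTACHMENTS = ["Resume.doc", "resume.doc.scr", "Resume.zip",
                      "invoice.pdf.exe", "application.docx", "script.js"]


def blocked_names(names):
    """Names the filter would drop outright."""
    return [n for n in names if classify_attachment(n)[0] == "block"]
```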
I have been getting a few Dropbox invites just recently, but I'm behind SMSMSE and I set the content filtering to drop any email that contains any executable file whether exe, cmd, scr etc. Seems to work well.
Also implemented a file scanning rule on Windows servers (courtesy of Spiceworks) that if we / client gets unlucky and gets infected and starts mass file modifications / decrypt.txt files start appearing, it effectively blocks that IP, or blocks the file saves (can't remember off the top of my head)
I have seen it three times, twice in businesses and once as a residential job, but this one was a bugger because it took out his backup too as his backup HDD was always left connected.
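The file-server rule the comment above mentions (block a client that starts mass file modifications or drops decrypt.txt-style notes), as an added example rather than the Spiceworks rule itself; the event line format, the thresholds and the sample events are all constructed for this illustration:

```python
import re
from collections import defaultdict, deque

# Assumed thresholds: more than this many modifications from one client
# within the window is treated as bulk encryption in progress.
WINDOW_SECONDS = 60
MAX_MODIFICATIONS = 50
# Ransom-note filenames; the thread reports "decrypt.txt" files appearing.
RANSOM_NOTE_RE = re.compile(r"(^|[\\/])[^\\/]*decrypt[^\\/]*\.(txt|html)$", re.I)
# Constructed event format: "<unix_ts> <client_ip> <op> <path>"
EVENT_RE = re.compile(r"^(\d+) (\S+) (WRITE|CREATE|RENAME|DELETE) (.+)$")


class RansomwareWatch:
    def __init__(self, window=WINDOW_SECONDS, limit=MAX_MODIFICATIONS):
        self.window = window
        self.limit = limit
        self.recent = defaultdict(deque)  # client ip -> timestamps in window
        self.blocked = set()

    def observe(self, line):
        """Feed one event; return the client IP to block now, else None."""
        m = EVENT_RE.match(line)
        if not m:
            return None
        ts, ip, op, path = int(m.group(1)), m.group(2), m.group(3), m.group(4)
        if ip in self.blocked:
            return None
        # Rule 1: a ransom note being created is decisive on its own.
        if op == "CREATE" and RANSOM_NOTE_RE.search(path):
            self.blocked.add(ip)
            return ip
        # Rule 2: sliding-window count of modifications per client.
        q = self.recent[ip]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) > self.limit:
            self.blocked.add(ip)
            return ip
        return None


def blocked_clients(lines):
    """Run the watch over event lines and return the clients it blocked."""
    w = RansomwareWatch()
    return sorted({ip for ip in map(w.observe, lines) if ip})


# Constructed sample: one normal write, one client renaming 60 files in a
# minute, and one client dropping a ransom note.
SAMPLE_EVENTS = (["1000 10.0.0.5 WRITE \\\\fs\\sales\\report.xlsx"]
                 + [f"{1001 + i} 10.0.0.7 RENAME \\\\fs\\sales\\file{i}.docx" for i in range(60)]
                 + ["1100 10.0.0.9 CREATE \\\\fs\\sales\\DECRYPT_INSTRUCTIONS.txt"])
```

A real deployment would feed this from the server's file audit events and act by revoking the share session, but the two rules are the whole of the logic.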
For those of you bleating "backup", may I remind you that the latest round of this particular nastyware hangs around for a while encrypting/decrypting files on the fly... which means that the backups themselves contain nothing but encrypted files by the time the virus pulls the plug on the decryption part of things.
So no, it is entirely possible that backups would NOT have helped.
Then you also have to factor in the cost of toner, paper, storage, probably locks, and labor in case the stuff actually has to be restored to an electronic format. Plus this does nothing for stuff (like programs) that don't convert easily to paper, and anything that can preserve a program can preserve a malware.