Hosting Center would like to inform its customers, of a recent wave of CryptoLocker ransomware infections throughout the world.
The CryptoLocker ransomware threat is typically carried out via targeted phishing emails with malicious attachments. These phishing emails are made to look like messages coming from a ?Payroll Department? or legitimate companies such as UPS, FedEx, or DHS.
Victims are enticed into opening email attachments that install malware on their computers and these can be transfer to your server/hosting space via FTP/Mail/Website Admin panel. Once installed, CryptoLocker immediately begins to encrypt any files users have access to, including data on backup drives. The damage done to affected files is irreversible and generally requires restoring locked files from existing back-ups. While most (but not all) major anti-virus software companies can now detect the attack after the fact, CryptoLocker can still encrypt files on the infected computer before being discovered.
Hosting center support has implemented various security measures to augment the overall security posture of the client's server and computing environment. Hosting center uses a layered security philosophy, beginning with (1) host-based protection in the form of antivirus software that OSU members can install on their systems, (2) enterprise tools such as anti-SPAM and virus protection software built into the email system, and (3) border and internal network protection in the form of Intrusion Detection and Prevention devices that are deployed throughout the network environment.
At the time of this announcement, Hosting center is not aware of any instances of CryptoLocker Ransomware within the managed hosting environment.
As always, if you ever receive any suspicious emails, do not open the email (or the email attachment) until you verify with the sender that they sent the message. Always use caution when browsing the Internet.
Microsoft Security Client already detects and removes this threat; however, no antivirus software is 100% effective. Users should be aware that new variants of the malware may not be detected.
Clients should maintain current back-ups of important files and web data/databases, so that in case of any infection, the data loss can be prevented.
For tips on identifying malicious emails, please see the Microsoft article located at http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx. For specific information about the malware, please go to the Microsoft Protection Center at http://www.microsoft.com/security/portal/mmpc/default.aspx and search for the following: ?Trojan:Win32/Crilock.A?.
This update applies to the following products: Microsoft Windows 2000, XP, Vista, Windows 8, Server 2003, Server 2008, and Server 2012.
Friday, May 5, 2017
