Cyber security investigators have uncovered a new malware nicknamed Jigsaw Ransomware. This new ransomware (similar to cryptolocker) was released on April 11th, and has already infected numerous businesses. Here is what we know about the new strain of malware.
How do companies become infected with the virus?
While it is not entirely known how the virus is deployed, it is thought to be located in an email attachments disguised as word documents, pdfs, images, or other files.
What happens if you become infected?
When the virus is deployed, the ransomware immediately encrypts every file on the victim’s computer and holds those encrypted files for ransom. If the victim immediately pays the ransom, the hacker sends an encryption key to release the files. What makes this virus unique, is that this ransomware has a built in timer. At specified intervals of time, or certain triggers such as rebooting your computer, the virus deletes files at increased increments. The longer the victim takes to pay the ransom or the more the victim tries to unsuccessfully stop the virus, the more files get deleted.
Where did the nickname come from?
The Jigsaw Ransomware received its nickname from the popular 2004 movie series, Saw. When the virus is deployed, the first image that the victim sees on their computer is the iconic Jigsaw mask that the antagonist wears throughout the series, seen above. The movie and the virus have a few uncanny similarities. Both victims have a specified timeline to complete painful, or expensive tasks in order to gain their freedom. If the victim in the movies try to escape their capture without completing the tasks they unfortunately experience a painful and gruesome death. Similarly, if the victims of ransomware attempt to remove the virus on their own, the virus automatically, and painfully, deletes their files.
How can we protect our data?
- Educate! Employees need to be diligent at taking the time to ensure emails received are not from imitation accounts. Frequently attackers will spoof a CEO or high ranking manager’s email by creating a very similar email address. These accounts commonly have one or two letters changed from the original email. In an effort to keep your business safe, Hilltop stays on top of current threats and provides tips on how to keep you up and running without interruption, here.
- Pick up the phone. If an employee unexpectedly receives an email with an attached file, they should contact the original sender to verify the authenticity of the attachment. One phone call can go a long way in protecting the integrity and security their data.
- Invest in a secure backup solution. A secure data backup can make all the difference if a business becomes infected with malware. Backup solutions such as Datto and Dropbox for Business can restore all files to their original format before the infection started.
- Use an email filtering and spam protection software. To stop these emails from getting into employee’s inboxes from the beginning, all businesses should have an email spam filtering such as Reflexion.
If you think you have received a malware virus, or if you want Hilltop Consultants to perform a comprehensive Security Assessment to ensure the safety of your network, contact us today.