Ransomware Virus Attacks
A resurgence of virus attacks that encrypt data files and demand a ransom to unlock them is currently being observed across all French companies. A new version of this type of virus has been particularly active for a few days, including on Mac. This is an extremely dangerous threat that can cause data loss! Affected data may be located locally on the infected workstation(s), but also on server shares.
PC infected with the Locky virus
The consequences can be very serious, since there is no alternative to restoring the data and the system to an earlier date (before the viral attack), provided that backups have been made (including on individual workstations).
The virus is embedded in a message imitating the receipt of a fax, for example "Your scanned file is in this mail", whose attachment is a ZIP archive with a name such as "fax.zip", "invoice.zip" or "invoice .zip".
This is therefore an extremely dangerous threat and one of the most advanced encryption schemes available.
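The lure described above can be screened for at the mail gateway or during a mailbox sweep. The following Python code is an added example, not part of IRCF's advisory: it flags ZIP attachments carrying the names quoted above and lists archive members with script or executable extensions. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Lure names quoted in the advisory: fax.zip, invoice.zip (spacing varies).
LURE_NAME = re.compile(r"^(fax|invoice)\s*\.zip$", re.IGNORECASE)
# Assumption: member types that have no place in a scanned fax or an invoice.
RISKY_EXT = (".js", ".jse", ".vbs", ".wsf", ".exe", ".scr", ".docm")


def inspect_message(raw: bytes) -> list[str]:
    """Return the reasons to quarantine this message (empty list: none found)."""
    reasons = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if not name.lower().endswith(".zip"):
            continue
        if LURE_NAME.match(name):
            reasons.append(f"lure attachment name: {name}")
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(RISKY_EXT):
                        reasons.append(f"{name} contains {member}")
        except zipfile.BadZipFile:
            reasons.append(f"{name} is not a readable ZIP archive")
    return reasons


def build_sample(zip_name: str, member: str) -> bytes:
    """Constructed test message: a harmless text file inside a ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "placeholder, not a real script")
    msg = EmailMessage()
    msg["From"] = "scanner@example.com"
    msg["Subject"] = "Your scanned file is in this mail"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()


if __name__ == "__main__":
    for reason in inspect_message(build_sample("invoice .zip", "invoice.js")):
        print(reason)
```

A message that returns a non-empty list is a candidate for quarantine and manual review rather than delivery to the user.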
To guard against these risks, the first line of protection is at the level of the end user, so IRCF recommends that the following preventive measures be carried out without delay:
1. Immediately raise user awareness
Most of these messages are unsolicited and come from an unknown sender. Users are therefore strongly advised:
- Not to download unknown programs,
- Not to open attachments that are unexpected and/or of dubious origin,
- Not to click on questionable links.
2. Perform immediate and regular backups of user files
On offline media (USB stick, external hard drive, DVD).
3. Update antivirus software without further delay
4. Apply security patches
- Operating system,
- Internet Browsers,
- Applications used.
In case of infection
- Do not pay any ransom: paying the ransom guarantees neither the decryption of the files nor the security of the means of payment used. In particular, it can lead to the installation of additional viruses on the workstation used.
- Immediately turn off the infected PC.
- Immediately disconnect the infected PC from the network.
- Contact the IRCF Maintenance Department at 05 53 46 38 47