ATTN: There’s An Un-Removable New Virus Infecting Fully Protected Computers & Servers.
This is a screenshot of a new “Ransom Virus”. It tries to scare you by saying there is child porn on your server. It encrypts all your files, threatens to send them to the FBI, and demands thousands of dollars to decrypt them.
We first saw this virus on a client’s terminal server that was fully patched and up-to-date. So how did they get a virus?
A user had their weak password hacked. Once a hacker has a password to any computer on the network, they can get into the server, disable the antivirus, and install whatever malicious files they want without tripping any alarms.
The virus completely locked up their server by encrypting all the files. The pop-up message offers the “password” to unlock the files in exchange for your credit card number. These are criminals. Do not send them your credit card info.
The only way to safely remove this virus is to restore from a back-up. If you take back-ups once a week, you will lose a week’s worth of data. Our clients get backed up every hour, so we were able to restore their server without losing any information.
How to NOT Get This Virus:
The only way to prevent an attack like this one is to have strong, unique passwords and a policy for changing them regularly. See Bruce’s Webinar on creating and safely storing strong passwords: Tech Bytes: Protect Your Passwords!
As always, if there is ever a question, please call us before you click (or give up your credit card number).
~Bruce