A new variant of ransomware, the malicious software that encrypts your files and requires a specified amount of money to unlock them, was discovered in February.
According to Cyberheist News, this version of CryptoWall has hit end-users with malicious .CHM attachments that infect networks with the latest and most sophisticated file-encrypting ransomware. The latest wrinkle is that the fake “incoming fax report” email looks to the user to come from a machine in their own domain.
CryptoWall 3.0 is the most recent version of the original CryptoLocker, which arrived on the scene in September, 2013 and made $27 million in ransom over the first few months. This file-encrypting ransomware tries to trick end-users by masking its malicious payload as an innocent attachment.
Once the user opens it, the payload encrypts the files of all mapped drives and demands about $500 in ransom to be paid in Bitcoin. The current attack uses a new attachment: help files with the .CHM extension. Bitdefender Labs discovered the attack in late February, 2015.
The ransomware tries to trick users into opening an innocent looking email attachment that claims to be a fax report from our own organization. But if you open it up, this malware locks all your files and potentially everyone else’s files, too. It then demands a $500 ransom to get your files back. This can happen at the office or at home.
At the moment, this malware is sent in a wave of attacks all over the world.
If you receive an email that claims to be a fax report that seems to come from your own domain (for example: yourcompanyname.com), but has the .CHM file extension, do not open it or forward it to anyone, just delete it immediately.
Remember, your computer will not just “get infected” with ransomware. You have to click on something or open something (perhaps unintentionally) to activate the trigger. Always think before you click!
Here are 5 more tips to protect your business from ransomware.