Thieves are finding new and different ways to get ransomware on your or your customer’s systems. Antivirus software can help in the fight against ransomware, but that’s not always enough. A new type of ransomware, called SyncCrypt, bypasses antivirus protection by duping victims into downloading an image with an embedded ZIP file containing ransomware.
How Does It happen?
SyncCrypt seems to still be sent via phishing attempts. However its payload is delivered in such a way that it evades most antivirus software. The email sends a picture that supposedly masks itself as a court order. When someone clicks on the image, a Windows Script File (WSF) downloads, unpacks and executes the payload from a ZIP file, that then encrypts data and demands a ransom.
What Can You Do?
Turn off the machine.
Unplug storage devices.
Go offline. Unplug networking and disconnect from WiFi.
Use a camera to take a photograph of the ransom note if presented. Notify your IT department either, in-house, or managed service provider.
Make sure they contact the FBI or other appropriate authorities.
Number four in the list above is extremely important, because they will know what kind of solutions to the ransomware encryption there is. Is there a proper backup solution in place? If not, the only recourse is to pay the ransom, and even then you may not get access to the data. In fact, over one third of victims that paid a ransom did not get their data back, according to the Datto State of the Channel Ransomware Report.
A Long-Term Solution
Get a backup/business continuity solution for your business and/or make sure it is able to handle a ransomware attack.
Educate your coworkers and yourself.
Protect your business from infection.
To learn more about ransomware and what you can to do avoid losing your data, check out our eBook: Ransomware Made MSPeasy. This eBook will teach you about the leading causes of ransomware infections in SMBs, the latest malware stats, and the best approach to educating end users. Download it today!