CET technicians have encountered another ransomware infection on one of our client’s computers! The CrypMIC virus encrypts all of your files (documents, pictures, PDFs, spreadsheets, etc.) and demands a ransom payment to secure a key to unlock them. In our client’s case, it was a ransom of over $2,500! In the past, such ransom payments have yielded nothing in the way of a key, and the criminals simply extort the money and disappear, leaving the encrypted files encrypted. There is no way of decrypting the files without the key. Only having an unattached backup of the files remedies the situation of lost files.

Unlike many previous ransomware infections, which are generally distributed through email attachments with a subject line like “Attn: Invoice W-2587639”, CrypMIC is actually being distributed through hacked websites. The hack code injects a popup which redirects the website visitor to another website, where they are directed to click on a link which downloads the infection. Unless the website owner or his/her web designer is vigilant and removes the hack code quickly, hundreds or possibly thousands of website visitors can potentially be infected. An example is the recent infection of the culinary sensation “Mr. Chow” restaurants’ website: https://blog.malwarebytes.com/cybercrime/exploits/2016/08/mr-chows-website-serves-up-ransomware/

But how can you protect yourself? First and foremost, be careful on the internet and avoid popups unless you’re sure of their validity. You can also hover over links on a web page before clicking on them to see where you are being directed. Most importantly, back up your files and documents. If you need assistance, contact CET and ask about our partnership with CarrollNet online backup systems.

If you do get one of these ransomware infections, immediately disconnect your computer from the network and remove any external drives like flash drives, backup drives, or external disks to limit the damage caused by these infections. Shut your computer down and do not restart it. Contact your IT technician who can try to save whatever hasn’t been encrypted yet and remove the infections.

These are nasty infections and once your files are encrypted, there isn’t any practical way to get them back! Be very careful!