A new strain of "ransomware" is striking
A new, "scary" strain of ransomware -- a type of malware that demands payment before allowing a computer user to access a device or network -- has been detected, according to a warning issued on Monday by the CEO of the info-tech security company KnowBe4.
The virus is called VirRansom and is self-replicating, according to CEO Stu Sjouwerman. The virus will infect every file it can find and demands bitcoin in payment.
Companies should be aware that the ransomware can aggressively attack company networks, he said.
"This ransomware threat utilizes both ransomware and parasitic virus features," Sjouwerman said in a statement. "VirRansom is a full fledged virus which will spread across your network and doing a less than perfect job on the disinfection can easily lead to reinfection of your whole network."
Such parasitic viruses are particularly insidious, he said, and difficult for antivirus companies to keep up with.
Here's what he recommends to help deal with such attacks:
1. Test the restore function of your backups and make sure it works, and have a full set of backups offsite.
2. Start thinking about asynchronous real-time backups so you can restore files with a few mouse clicks.
3. Get rid of mapped drives and use UNC (universal naming convention) links for shared folders.
4. Look into Whitelisting software that only allows known-good executables to run.
5. Update or enforce security policy best practices, such as thorough security awareness training to prevent these types of infections to begin with because the infection vector is your end-user opening up an attachment or clicking on a link.
