Cyber Security – Teslacrypt Ransomware Alert


Teslacrypt Ransomware

Ransomware is software that locks your files via encryption and holds them for ransom until you pay a set amount of money, usually in the form of Bitcoin or MoneyPak. Teslacrypt is a variant of this type of software. It is not possible to unlock the files without obtaining the encryption key from the attacker.

How it spreads:

It spreads via scam emails containing infected attachments. For example:

From: Donnie Emily

Date: 12 March 2016 at 14:01

Subject: Urgent Notice # 78815053

Dear Customer!

According to our data you owe our company a sum of $452,49. There are records saying that you have ordered goods in a total amount of $ 452,49 in the third quarter of 2015. Invoice has been paid only partially. The unpaid invoice #78815053 is enclosed below for your revision. We are writing to you, hoping for understanding and in anticipation of the early repayment of debt. Please check out the file and do not hesitate to pay off the debt. Otherwise we will have to start a legal action against you.

Regards, Donnie

758 N Davis St, Jacksonville, FL 17323 Phone nr: 026-762-3482

Attachment: sidfladsfnqq.zip


Prevention:

Do not open email attachments from suspicious senders, and do not open attachments from known senders if they look suspicious. Even if you do know the sender of a suspicious attachment, it would be wise to follow up with them and ask whether they intended to send it, as their mail account could have been taken over. In short, be very cautious and skeptical of any attachment you receive from unknown senders or in suspicious emails.

It is also good practice not to use Windows as an administrative user. Windows keeps hidden backups of files via a technology called Volume Shadow Copy. Not running as an administrative user ensures that the ransomware cannot encrypt those backups as well. Your system administrator will know how to recover files from Volume Shadow Copy. The same applies to Mac OS X, as it is just as vulnerable to these types of attacks.

Recovery:

If you are afflicted with Teslacrypt, do not pay the ransom. There is no guarantee that you will receive the encryption key after doing so. Your best bet is having a good recent backup to recover from.

Reference:

Malware spam: “Urgent Notice # 78815053” leads to Teslacrypt
