top of page

Ransomware Viruses

Had contact with a client last week who had an issue with a virus called zepto.

I've heard of the ransomware viruses but not had any experience of them.

So, basically what happened was someone had their email account hacked and the baddies used this hacked account to send out this zepto virus to all the contacts. Usually you'd spot it, but they had even looked thorugh the mssages to get an idea of how the person worded themselves, so the message that arrived looked completely legit.

In the message was a photo. Double click.......

Anyways, what happened in a few seconds, this virus duplicated all the pdf, excel, word etc files, proceeded to change all the names and filetype, encrypted the files and then deleted the original files. It included a new html file with instructions of how to pay them to un-encrypt the files with bitcoins.

So, after the initial panic, it seemed a simple case of just delete the new files and restore from the back up drive that was faithfully attached to the PC.

But here was the kicker. Any attached drive also had all it's files changed and deleted in such a way, that even the "restore to previous versions" had all gone. There were no backups of older files.

He had a well known up to date virus checker too which missed the file.

So complete and utter loss. All the files, including the backups, gone. And as they were sitting in dropbox, those were changed too. And so were all those linked files from dropbox on his laptop.

New panic sets in. Basically it had chaged the lot, including all the backups on the attached hard drive.

How did he get around it? At this point the thought was, he would have to fork out for the un-encrypt key.

However, there were a couple of things that saved him. One is dropbox. Although it had somehow deleted all prior versons of the files there too, dropbox are able to "rollback" the folder (s) affected. So, you can see quickly when the virus did it's job and say to dropbox please roll back to just before this time on this day. Downside is you lose eveything done after that time, but theyget back everything before. You only have 30 days to do that I think. So that was excellent.

Also, there was another laptop, which had not been turned on for a few days. On there were all the files from dropbox, but from a few days ago. If the dropbox angle didn't work, then he could search dropbox online for all the .zepto files, delete them all, then restore from the laptop. Just make sure the internet is off when you turn on the laptop otherwise dropbox will do it's thing and replace all the files on it too. Copy the files off before you switch internet back on, then re-upload.

The lesson I learnt, is take backups, but then have a drive that you backup to and remove it from the computer sometimes. I tend to leave my computers on all the time, to make sure that my laptop and desktop are synced up with the latest dropbox files. So offline backups are good. And the second thing, use dropbox. even if you don't need to sync with anything else. It gives that "rollback" just in case.

And it doesn't look like macs are exempt from this type of virus. So don't open files unless you are 100% sure they're ok. Use virus protection and keep up to date. Use dropbox. Keep a backup, and unplug that harddrive from the computer.

accountants derby paul roscoe

Featured Posts
Recent Posts
Search By Tags
No tags yet.
Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Social Icon
bottom of page