
How a Virus Can Manipulate You Into Infecting Your Computer

Security threats can trick you & attack your whole company.

Viruses have come a long way, and they've journeyed down a dark path.

Modern small and medium-sized businesses have usually been able to protect themselves from most virus issues with standard “out of the box” solutions. But with data security and IT security such a huge concern, the standard solution may no longer be enough.

We’ve seen major antivirus vendors get very aggressive when it comes to detection of threats, and that tells us that the potential for security attacks should be taken quite seriously. It’s the equivalent to the Night’s Watch preparing all their swords and shields for battle. You know the White Walkers are out there, and your opportunity to guard your business happens before an inevitable attack. Protect the Wall in your company. (Pardon the Game of Thrones geek-out).

Now the latest “zero-day viruses,” which are viruses that are brand new and not known to antivirus software, are changing tactics and implementing a new method to attack. These nasty critters are relying on social engineering methods to get around all the clever methods that antivirus vendors use to collect information, detect viruses and prevent outbreaks. How can we stay protected if the antivirus companies can’t keep up?

How a Virus Can Infect Your Organization

Very serious IT security threats such as the CryptoLocker and Locky ransomware families have the capability to bring an organization to a crawl for days.

Consider an organization of 50-100 employees that has limited IT personnel but has invested in an antivirus solution. An employee in accounting receives an email that appears to be from a vendor with an invoice attachment. The email states that they’ve had some problems with their accounting software and that the invoice may require some extra steps to open. It sounds innocent enough – and the email looks legitimate at first glance.

The employee opens the attachment and the message appears to be scrambled – except for the first few lines that say “Enable macro if the data encoding is incorrect.”

This is where “social engineering” steps in, which is the term for how this message manipulates the user to take action. And this particular action brings doom.

The user already trusts the email and was told to expect a couple of extra steps, so they start poking around Microsoft Word or Excel to enable macros. But if they are successful in enabling the option, the virus is released…

The IT Nightmare

Once enabled, the attachment executes code that starts a chain of events that will mark an IT catastrophe for any organization.

The following will occur in short order:

  1. All folders on the local computer are encrypted with strong encryption that cannot be reversed without the attacker’s key. This might not be every file, but it will likely impact popular file formats such as pictures, Office documents, PDFs and text files.
  2. The virus then scans through mapped network drives on the infected workstation and does the same to any and all files and folders it can access. So if you’re connected to a network at your office, anyone who shares those network drives could be impacted.
  3. It will remove all Volume Shadow Copies wherever possible. These are the automatic point-in-time copies Windows keeps of your files, and they are often the quickest way to recover data when something goes wrong.
  4. It will leave a ransom note in each folder it encrypts, instructing you to send Bitcoin to a payment address hosted on the dark web, which is very difficult to trace. Without the attacker’s key there is no practical way to decrypt the files. It sounds like something out of a movie, but it’s holding your system hostage, and will only release it if you pony up the virtual cash.
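The chain above is also what a defender can watch for: an Office application spawning a command shell, shadow-copy deletion, a burst of files being renamed to a new extension, and a ransom note appearing. The script below is an added example (not from the article or any vendor product) that runs simple versions of those four checks over a few constructed telemetry lines; the key=value log format and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed endpoint telemetry for this example (not real logs); the
# key=value format is an assumption, not the article's or any product's.
SAMPLE_EVENTS = [
    "PROC parent=OUTLOOK.EXE child=WINWORD.EXE user=acct1",
    "PROC parent=WINWORD.EXE child=cmd.exe user=acct1",
    "PROC parent=cmd.exe child=vssadmin.exe args='delete shadows /all /quiet' user=acct1",
    "FILE op=rename path=Z:/finance/Q1.xlsx new=Q1.xlsx.locked user=acct1",
    "FILE op=rename path=Z:/finance/Q2.xlsx new=Q2.xlsx.locked user=acct1",
    "FILE op=rename path=Z:/finance/Q3.xlsx new=Q3.xlsx.locked user=acct1",
    "FILE op=create path=Z:/finance/HOW_TO_DECRYPT.txt user=acct1",
    "PROC parent=explorer.exe child=chrome.exe user=acct2",
    "FILE op=rename path=C:/Users/acct2/notes.txt new=notes_v2.txt user=acct2",
]

OFFICE_APPS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
MASS_RENAME_THRESHOLD = 3  # assumed tuning value; real deployments use a time window too

def parse(line):
    """Split 'KIND key=value key='quoted value' ...' into a dict."""
    kind, _, rest = line.partition(" ")
    fields = {k: v.strip("'") for k, v in re.findall(r"(\w+)=('[^']*'|\S+)", rest)}
    fields["kind"] = kind
    return fields

def detect(events):
    """Return (rule, user, line) tuples for events matching the four behaviours."""
    alerts = []
    renames = defaultdict(int)  # user -> renames that changed the file extension
    for line in events:
        e = parse(line)
        user = e.get("user", "?")
        if e["kind"] == "PROC":
            # Macro abuse: an Office app launching a shell or script host
            if e["parent"].upper() in OFFICE_APPS and e["child"].lower() in SCRIPT_HOSTS:
                alerts.append(("office_spawns_shell", user, line))
            # Shadow copies being removed before encryption
            if e["child"].lower() == "vssadmin.exe" and "delete shadows" in e.get("args", "").lower():
                alerts.append(("shadow_copy_deletion", user, line))
        elif e["kind"] == "FILE":
            # Many files rewritten under a new extension by one user
            if e["op"] == "rename" and e["new"].rsplit(".", 1)[-1] != e["path"].rsplit(".", 1)[-1]:
                renames[user] += 1
                if renames[user] == MASS_RENAME_THRESHOLD:
                    alerts.append(("mass_extension_change", user, line))
            # A ransom-note-like file dropped into a folder
            if e["op"] == "create" and re.search(r"decrypt|ransom|recover", e["path"], re.I):
                alerts.append(("ransom_note_dropped", user, line))
    return alerts

if __name__ == "__main__":
    for rule, user, line in detect(SAMPLE_EVENTS):
        print(f"[{rule}] user={user}: {line}")
```

Any one of these alerts on its own is worth a look; the first three firing for the same user within minutes is the point at which the workstation should be pulled off the network.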

If it sounds confusing or messy, that’s because it is.

Now, most IT personnel react to reading this as hyperbole. “Who would go and purposely enable macro execution?”

This is the sick ‘beauty’ of the virus. It tricks end users into unlocking its cage.

Imagine the awkward call the employee then has to make to your IT resource on site, fessing up to their horrible mistake. The IT person may then have to take significant time to determine exactly what has occurred.

By the time all is said and done, large parts of your file server could be encrypted and the organization’s productivity may grind to a complete halt.


What Steps Can a Business Take to Arm Themselves?

If you rely on a provider for regular IT support, this is where things change.

Your IT provider should have already applied best practices for ransomware protection and beefed up your antivirus solution. This may pick up the activity of the macro before the infection starts. So even if it’s a zero-day virus, the system should detect irregularities and take precautionary action.

And if the infection does take hold, the IT provider should already have a good idea of what is occurring since they’ll likely be working with multiple clients and business environments on similar issues. They should work quickly to isolate the problem workstation and start restoring backups. These backups should also be ones that are checked daily and tested on a regular basis. Make sure your IT department is on top of those backups for just such an occasion.

Combatting Cybercriminals and Social Engineering

I’ve heard many theories on how to prevent ransomware infections, and this particular infection is the most serious threat I’ve seen in a long time. 40% of organizations end up paying the Bitcoin ransom due to the ill effect on the organization.

If you’re considering paying the ransom, you should be aware that every organization that pays the ransom is helping evolve this generation of threats. The more businesses that pay, the more often we’ll see similar threats attack.

The main way to prevent the virus from ever impacting your company is to prevent the social engineering from having its intended effect.

Combatting social engineering starts with your employees. Develop training and policies to catch threats with a series of checks and balances that your employees can undertake.

If you have users who receive external invoices, resumes and documents via email on a regular basis, then you can train them to spot spoofed emails. These are emails with a forged sender name and address. You can also train them how to spot an anomaly such as a suspicious attachment like the one mentioned in the previous example.

It also helps to have a top tier IT provider to call whenever you are concerned about a threat or want to confirm you are protected against cybercrime. Providers can generally offer consultation on your infrastructure and give you a clear perspective and advice on your security methods.

If you require assistance or advice on your security infrastructure, feel free to reach out to Epic, an MTS company. Whichever provider you use, stay up-to-date on current threats and protect your business.

Rex Storey

Rex works as Senior Technical Manager of Managed Services at EPIC Information Solutions, an MTS company.
