A malicious virus infected dozens of Israeli companies, including sensitive institutions like financial companies and even a TV channel. It demands payment in exchange for unlocking the infected computers, but unlike its better-known cousin CryptoLocker, it doesn’t stop even after payment is made. How do you get infected, and how can people protect themselves?
A ransomware-type virus took over the computer system of one of Israel’s TV channels last week. The malicious program encrypted all of the system files, demanding a 400-euro ransom in order to unlock them. The virus apparently infiltrated the system through the computer used by the channel’s CEO. IT personnel eventually took care of the problem without any significant loss of data.
Another payment method offered by the hackers was an amount of bitcoins worth thousands of euros. According to estimates, this is another attack in a series of incidents that hit dozens of Israeli companies over the last two weeks, in addition to 250,000 other users affected by similar viruses throughout the world.
How do you get infected by all this goodness? The virus spreads through e-mail messages containing links or attached files. Once a user clicks on a link or attachment, the virus activates, downloading itself onto the computer and encrypting the files it finds. If the computer is connected to a network using shared directories, the virus will encrypt those as well.
There’s no known way to release the infected files without paying the ransom, but apparently even that doesn’t always solve the problem – in fact, in the case of the Israeli virus, it probably won’t. One of the clients of the cyber security firm CyberHat did pay the ransom, yet their files remained locked. In other cases around the world paying did result in a release.
According to CyberHat founder Guy Mizrachi, the virus is attempting to reach a wide variety of users, both private and business organizations. In the case of relatively large companies, however, it causes more problems. “We know of a few targeted organizations in Israel and in other countries. In Israel we mainly saw financial companies getting hit, in addition to a few others. This requires a more extensive analysis. If they managed to infiltrate my system and install their own codes, is that actually all they did? Maybe they also had access to additional information, such as my client list.”
Investing in a high-quality antivirus, said Mizrachi, helps, but it’s not always enough. “Theoretically, if a computer is fully updated and runs an antivirus program, this shouldn’t happen. In practice, however, we’ve seen cases where fully updated computers got infected – the virus itself guided the user and installed itself successfully.”
CyberHat’s founder recommends investing in security technology and developing a familiarity and awareness of online threats. “Users should update their software, including antivirus and operating systems, but the most significant element is personal judgement: What to open, what not to open and which links to avoid. When it comes down to it the users themselves are the most important element of defense.”