You know how we techies are always telling you to back up? Now ransomware is no joke. Targeting small businesses through socially engineered emails, this kidnapware issues a big box popup demanding $300 for the return of your docs. And it means business, in that it traverses your user folders searching for doc, docx, xls, xlsx and so on… You know–STUFF! Then it encrypts them with AES. They claim they will provide your private key to unlock these files, although I wouldn’t trust them based on the history of Sirefef (Zero Access), the FBI virus, and so on. Generally, you pays your money, and you gets… nothing. (Note that the screen above is the graphic that appears after the virus was removed.)
Luckily, this small business was backing up to Carbonite. But that presents another dilemma: Carbonite was running for some hours overnight, backing up the encrypted files. They provide something like the last 12 revisions, but not through the simple “Restore my Files” tray app. Carbonite techs are on the case, and I expect a call from them in the next day or so. Any company would be wise to employ both a cloud and a local backup that offer versioning for their most important data.
This particular variant left QBW company files alone, and didn’t bother with the 2 sample JPGs in Pictures. But let me reiterate: if you run Windows and you’re not backing up every day, you’re playing Russian Roulette. Literally.