New Ransomware Attacks Your Entire Hard Drive


Sometimes it seems like we send out too many emails warning our customers of new threats. Seeing too many of these can lead to fatigue, where people simply don’t read them at all. Please take a minute and read over this one and pass it along to all the people that work with you.

First, let’s catch up any new readers. Ransomware has been plaguing customers for the past couple of years. It’s really, really bad. Typically, a user clicks on an attachment in email that is disguised as something they want or need. It might be a UPS invoice, a voicemail, a fax, or a fake bill. When you click on it, nothing obvious happens and you move on with your day. In the background, however, a program is quietly encrypting every file on your machine. It starts with anything in Documents, then the Desktop, and then moves on to any mounted drives back to the server. In the past, it has left your operating system alone, since you will need it later. Instead it focuses on files like doc, xls, pdf, jpg, mp3, etc. That file list started out fairly small but grew as the malware spread, to include QuickBooks files and dozens of other file types. Then they started adding features to destroy backups and shadow copies. Once your files are encrypted, there are only two ways to get them back. First, you can restore them from a backup. That works, but be prepared to delete Windows and start over. Alternatively, you can pay the ransom. Paying mostly works. For about $500, users get a key that will decrypt their files. More files means a higher payment. Several hospitals made the news paying ransoms of $15,000 and up. Some got their files back, others did not. There is no tech support desk to call if the key doesn’t work. These are criminals and there are no refunds.

Today’s variant is called Petya ransomware. This one started out posing as a resume sent in by a job seeker. Beware unsolicited resumes! Instead of a pdf file, this one was a link to a Dropbox file. That’s common enough that many people clicked on it. This one does not encrypt your individual files. Instead, it encrypts the Master File Table on your hard drive. Think of this as the table of contents for your files. Without that TOC, there is no way to get to any of the files, including the basic files needed to start Windows. All you see on boot is this screen:



At this point, you are too late to do anything to save your data. Not only are all of your files gone, but you are going to have to do a full system rebuild, as well. You could, of course, pay the ransom. You might even get a key that unlocks your machine in a day or so. Maybe it will work for you. If it does work, you will have to copy all of your data to another drive and then wipe this one anyway.


“What can I do to protect my company?”


There are several steps that you can take to make sure that your company is protected. The first, and most important, is also the simplest. Educated users are the most effective defense against malware. If you have any questions about a file, simply don’t open it. Feel free to call us and we will check it for you. Alternatively, try opening it on your phone. Most malware is written to attack Windows PCs. Your phone cannot be harmed by it. If the file opens on your phone and you can see that it really is an invoice or resume, then you can open it on your PC. If your phone will not open it, then it might be a good time to email or call us to check it for you.


Nothing Beats a Good Backup


Inevitably, someone will be busy, the phone is ringing, and they are rushing through a project. An email will arrive and they will click on it without paying attention. Five minutes later, you have a problem. At this point you are relying on your backups. In a typical office, we try to keep all of the critical data on the server. Nightly, we back up the entire server locally and send the critical files offsite. There are a few exceptions where we have noticed that some of you are keeping numerous files on your PC, and we try to back those up for you as well. That said, most desktops are not being backed up. We rely on you to keep your important files on the server.

So what happens when a desktop has an issue? From time to time, we find ourselves with a damaged desktop. This would certainly happen with ransomware, but it can also happen through other issues. When that happens, and we can’t simply clean it up, we have to rebuild the computer. Basically that means wiping the HD, reinstalling Windows, updating Windows, reinstalling each program and letting them all sync up, and recreating all of your personalized settings. As you can see, this can take a while. A few months ago we introduced a new service for our contract customers where we make regular images of your HD. We call these system images or snapshots. A system image allows us to restore your desktop to the exact state it was in when we made the image, in about 1 hour. So, if system images are so good, then why not just do them for everyone? That’s a great question. First, you have to make sure that you have a lot of storage available locally to hold these images. Also, these images can be labor intensive. That’s why we charge an extra fee per desktop to maintain them.



System images are great for customers where time is critical. If you think about all of the desktops in your office, which one(s) are critical to get restored quickly? Some customers say that none are. They can work off their laptop until their machine is repaired. Others might feel differently. Some offices may decide that all of the machines are critical. Most will fall somewhere in between. This is a conversation that we need to have before you have a problem!


What should I communicate to my people to keep us safe?


  1. Attachments can be harmful. Be careful when you open them. Look for the signs that it is not what it seems to be. If there is any doubt, try opening it on your phone or call us.
  2. It’s important that all of your critical files are being backed up. Is anyone storing files on their machine instead of the server?
  3. We back up critical files offsite. Make sure that you haven’t added a new folder that we don’t know about that’s not in that group.
  4. Ask about which machines are critical to your business. Pick the ones where you want us to make regular images.

