One of my small business customers contracted the CERBER ransomware virus this week. Here’s how it happened.

My customer runs a small security guard firm here in Lexington. There is quite a bit of turnover of personnel in this business, so they regularly place ads on Craigslist for job seekers. One of the responses this week came as an email with the normally brief text along the lines of, “I am interested in the job you advertised on Craigslist, here is my resume”. Attached to the email was a Microsoft Word document, supposedly the resume, with a file name something like 0001111.doc, unusual but not extraordinary. Well, you are probably ahead of me already, so you won’t be surprised to know that this attachment actually contained the CERBER ransomware virus.

It’s hard to know whether this was a targeted attack, where a miscreant specifically targets a small business to try and defraud it, or a quasi-targeted attack against anyone who happened to be advertising jobs on Craigslist that day. In either case, it’s important to recognize that the email and its attachment were expected by the recipient and looked pretty normal, so her guard was down.

The email didn’t open normally but did eventually open to reveal what was apparently an actual resume; by this time, of course, the damage was done. Nothing particularly telling happened on the computer, but the virus started encrypting the files on my customer’s machine until, a few days later, they were all encrypted, both the data and the file names. Some of the files on her file server, but for some reason not all, were encrypted as well. Fortunately, I was able to retrieve the customer’s email files, and the Quickbooks data was intact. The virus tried to encrypt Quickbooks, but I suspect the file was open on another computer at the time, so it failed.

OK, if you run a small business, ask yourself what you would do if all your email and Quickbooks data were suddenly lost. Do you have a backup and business continuity plan? You should. This is not a freak occurrence, and the bad guys are just getting better and better at this.

If you’re an individual, what would you do if all the photos and documents on your computer were suddenly put out of reach? You could pay the extortionists by figuring out how to buy Bitcoins, pay them the $500 or so ransom and hope that they give you the proper decryption key and method. Or you could recover your important documents and pictures from your backup. Those are the only two choices.

If you need expert help in preventing data loss or recovering from a virus attack like this, contact Hartland Computer at 859 667 8999.