Accountants’ websites and emails may be targeted by a piece of ransomware that wipes information from their systems if a fee is not paid.
The ICPA discovered that a member had been hit by the Trojan, named CryptoLocker, and that all of his computer’s software and programmes had been completely wiped.
Anita Brown, ICPA senior consultant, issued a letter about the incident, warning other members to be vigilant about the virus.
The "nasty" piece of malware has been around since last year, but only in the last few months have its attacks increased in intensity - perhaps due in part to the fact that bitcoin, which it demands as a ransom, has increased in popularity and value.
According to Brown, the malware is targeting computers running on Microsoft Windows. It could appear in the form of either an email attachment that looks legitimate or a pop-up on a website. Once someone has opened an attachment or clicked on a pop-up advert, the software downloads onto the computer and can take a while to take effect.
It encrypts all documents stored on your local computer, and any on mapped network drives and mountable removable storage, such as connected hard drives and back-up discs.
It then asks the user to hand over two bitcoins, in either MoneyPak or Ukash prepaid cards. If it isn’t paid within three days, the decryption key is deleted and access to files is lost forever.
“The encryption used is strong, 2048 bit RSA, with the decryption key for your files being stored on a remote server. The odds of being able to break this encryption are almost non-existent,” wrote Brown in a letter to ICPA members.
The ICPA member in question was using a desktop-based accounting package and lost all of his data.
But Aaron Yates, managing director of independent cloud and digital marketing advisors Berea and risk solution Cyber AMI, said that one way he could have recovered his information was if he had it backed up to the cloud.
“The cloud throws up different security risks. But in this instance, if the member had been using cloud-based accounting software, his information would have been easily retrievable,” he said.
Cloud-based accounting software provider Xero confirmed that this was the case with users of the cloud, and managing director Gary Turner said: “The worst that should happen with cloud-based software and data whenever a PC is compromised with malware or a virus is that the user can just clean and reformat their PC from scratch without worrying about losing or restoring their data, or move to a different unaffected device in order to continue working.”
Managing director of another cloud-based accounting software, Barbara Kroll of Twinfield, agreed: "Provided you chose a serious cloud provider with a detailed and sophisticated security policy in terms of anti-virus, anti-hacking, anti-malware, etc precautions, your data will always be safe and ready for use. If your hard disk corrupts, you can just open the software and therefore the data on another device. Easy as pie."
Therefore, those affected by the malware can restore their details if they are backed up to the cloud, or from Shadow Volume Copies of files if system restore is enabled on their computer.
Yates added that it’s highly unlikely that those using Apple and Linux products will be affected.
The ICPA and Berea had some tips and advice for what accountants can do to minimise the risk of being affected:
- Teach your staff to recognise spam/bad emails and make sure they know when not to open attachments
- Back up your files using either an external hard drive that you disconnect after use, or pay for an online back-up service
- Switch to a spam and virus-filtered email address
- Be wary of clicking on pop-up ads or other pop-ups on legitimate websites
- Make sure your operating system is up-to-date with the latest security updates
- Install the latest versions of your internet browsers and update add-ons such as Java and Flash
- On Windows 7, double check you’ve set up system restore points or, if using Windows 8, configure it to keep the ‘file history’
- Don’t open email attachments from spam emails
- Act quickly. If you do accidentally download a suspicious attachment, bear in mind that the encryption is likely to take some time. If you immediately download and run an anti-virus programme, it could destroy CryptoLocker before all your files have been encrypted - however, you will permanently lose affected files. You should also disconnect the computer from your wireless or wired network. This will prevent it from encrypting any further files on your network
Is this something that you have had experience with? How have you dealt with it?