A new variant of ransomware making the rounds is called Satana. Focus on the “Satan” part of that.. as the makers clearly intended to draw that connection.
Satana encrypts files and drops lots of extra txt/pdf/etc files into folders to tell you that your files are not accessible unless you pay a ransom. Satana then encrypts the Master Boot Record (MBR) and replaces it with its own. The first time when a user reboots their workstation, Satana’s MBR boot code will load and the only thing the machine will show is Satana’s ransom note in red on black.
Fixing the MBR infection is possible, but decrypting the files usually is not possible. As such, any system displaying this warning is likely beyond the point where you want to salvage it. It will be best to wipe/reload clean.. treating all files/data from it as lost.
More concerning, like most recent ransomware, this variant will attack network shares and cloud services like Dropbox and Google Drive. Any files on those shares or cloud services can be infected.. and when others in your company attempt to open then, their system can become infected. In this way, a single system infection can spread to a company-wide (or even client-wide if Dropbox is used outside your company to share with clients) infection/crisis.
Satana is currently spreading by malware links in e-mails and on infected websites. The best prevention/security posture remains the same as with prior ransomware attacks:
- Remind users to never open unexpected attachments or click links from untrusted sources.
- Even with familiar senders and seemingly-normal links, hover over them to verify that the link really goes where it says it will go, or that the attachment does not contain a secret file extension like pretending to be a pdf when really it is named something.pdf.zip
- On company workstations, avoid visiting websites where drive-by malware attacks/pop-ups are plentiful.. such as Facebook, MSN, and AOL.
- Restrict users from checking personal e-mail on company workstations.
- And most importantly, keep all company workstations protected with corporate-level anti-virus. We recommend Symantec.
See our full list of tips here. And contact us at Erickson Solutions for help or questions!