Yesterday, one of our CSA users has experienced the attack by the new phobos ransomware. Almost all files in the file server as well as local stations are being encrypted.
The thief demands payment of 20 million dollars in order to unlock the files. If you have not experienced this attack yet, please do the following to protect yourself:
- Make an offline backup of all of your important data, including CSA and accounting data.
- Ask your staff not to open any unknown mail.
- Be careful if you are using VPN for remote access. This may be one way to get into your system.
- Buy 3 external hard disks and rotate them daily for backup. Only one is attached to the system at anytime.
Don’t trust the Symantec antivirus software or similar ones because they are not always up-to-date. Expect the worst and hope for the best.