The malware unleashes a program that encrypts files and folders, including network shared folders, said Jeff Beauprez, president and CEO of Colorado Networks.
“It then demands a payment of $300 to recover those files,” he said. “A timer also starts and if the payment is not made within that time frame, the encryption keys are lost.”
At this time, there is no recovery of the files, he said. If backup directors have not been impacted, those files might be usable.
The malware hit on Tuesday, he said, and companies across the region are reporting being hit by it. Colorado networks is working with the FBI cyber lab and the Western Cyber Exchange to resolve the threat.
If attacked, businesses should take the following steps:
- If a screen appears stating that files are encrypted, immediately remove the network cable from the workstation to provide limits to the attack.
- All company staff should be restricted from social media, gaming or non-work related websites.
- Backup of data is imperative, but even those files are subject to attack.
- Contact IP providers for the next steps.