April 19th, 2012
Emsisoft warns about a new ACCDFISA ransomware threat wave on Windows servers
Emsisoft experts have tracked a group of hackers that have been launching targeted attacks on Windows servers running publicly accessible Remote Desktop and Terminal Services. If the attack is successful, the ransomware ACCDFISA is installed and moves important files into encrypted RAR archives. Access to such encrypted files is only possible after paying ransom.
There is nothing anti-virus or anti-malware software can do: Windows servers that can be accessed via RDP from the Internet are currently the No. 1 target of some criminals. If the server relies on weak password policies or has none at all, it is easy to crack accounts with commonly used user names via dictionary-based brute-force attacks and thus gain access to the system. The hackers can then easily disable any active security software.
Afterwards, they install the malware ACCDFISA that consists of three malicious parts. The most dangerous of them: a crypto malware component, installed as a service. It deletes backups and "hijacks" important data by locking it into encrypted RAR archives. The only way to regain access to your data is by prompt payment of the ransom. Small companies, in particular, are the victims of this trick due to their low IT security level and end up paying the ransom to get their data back.
Important tips for Windows server administrators
- It is vitally important to use only secure, highly complex passwords for all user accounts.
- Apply all available updates. Microsoft published an important patch for the Remote Desktop service in mid-March.
For a detailed analysis of all ACCDFISA types discovered so far, please see:
Emsisoft Blog: The ACCDFISA malware family
Raffle for our loyal Facebook fans
Emsisoft already has more than 3,000 fans on Facebook who always have the newest information about important security announcements, promotions, and updates. Reason enough to celebrate: Win a 1-year license for Emsisoft Internet Security Pack by "liking" Emsisoft on Facebook and commenting on the news about the raffle. Just tell us what your favorite Emsisoft product is and why.
Have a nice (malware-free) day!
Christian Mairoll - Emsisoft CEO