Operation Global III ransomware is proving to be another malicious malware that not only encrypts your data but also infects it. This virus is starting to make it’s way around the internet including some of our clients. Once this ransomware attacks your system, a lock-screen is displayed and requests that a ransom fee be paid in return for your files. All of your file extensions are changed to .EXE and if double clicked or opened will infect and encrypt every computer where these files are launched.
Luckily there is a decryption key that can unlock the encrypted files. With the help of our team, we can help recover the files that this malware has encrypted.
ITEMS TO NOTE:
1. In addition to encrypting files, it also spreads itself to other computers by infecting the files.
2. It does not target only existing mapped drives.
It seeks out all network shares and mounts them so that it can encrypt and infect them as well.
3. If a client pays the ransom fee, there still is no real guarantee that the files will work after the decryption. The decryption piece of the malware is known to be buggy.
4. It is currently decrypt-able for free with a tool that exploits a flaw in its design. Our engineers and technicians understand how to remove this malware using this new tool. Perfect results are still not guaranteed since the malware has bugs when decrypting, and backups will end up being the most reliable source of data recovery.
SUGGESTED PREVENTIVE MEASURES:
1. Review the permissions on your networks. Make sure that only the most absolute access required is in place. The malware only has as much access as the user it infects. This is something we can work with you on.
2. Make sure your backups are in place and are running great. This is something that we do one each of your RSVP visits.
3. Report unusual file behavior as soon as you see it. The sooner you catch it, the sooner we can stop it from accessing the network.
As these different types of viruses continue to evolve and mature, it is more important than ever
to have a policy in place to protect your data.
If you believe your network security has been compromised and your computer has already been infected, please contact us right away to remove this virus and install the decryption code: 414-228-3076.