Adobe Flash exploits

You're browsing the 'net watching cat videos, then... the Crypto virus pops up saying you're infected and your files are encrypted.  Time to recover from backup. (You do back up, right?)

This week saw the news that Italian covert hackers Hacking Team were themselves hacked.  Much of their private "toolkit", which was for sale to various governments and enterprises, has been made public.

Of particular excitement (if you could call it that) are two vulnerabilities in the Adobe Flash framework, which is often used to display banner advertisements.

This was compounded this afternoon when we became aware of a PC infected by the Cryptofortress virus, despite no emails having been opened (the traditional distribution method).

We acted swiftly and followed our standard procedures to contain the virus, then set about discovering the source.

It turned out that the source was a website.  Simply browsing to it was enough to become infected.

This example highlights the current threats to everyone's data.  The system in this case was more up to date than most: a web filtering firewall, current antivirus, and a Flash installation only a day or two old (better than most).  The only option left is the ultimate data protection measure: recovering the data from backup.

In this case, the file server was covered by file revisions, so recovering those files was straightforward.  The (Dropbox style) shared folders were on a corporate plan, so file revisions were available to roll back to; this in itself is another example of why personal Dropbox accounts are not at all suitable for corporate data.

For the time being, we have removed Adobe Flash from our Managed clients' PCs.  Early next week there should be enough information available to understand this latest threat and establish which versions of Flash are safe to run, at which point it will be rolled out again using our Management software.

Here's a list of things you should ensure are being done in your organisation to protect your data:

  • Take good backups: back up at least your files, and make sure at least one copy is offline and offsite.  (This can be as simple as a copy to a USB drive or two, done manually.) Test that your backup recoveries actually work!
  • Run active prevention tools and apply their updates frequently: good desktop antivirus, a firewall with web filtering, and email antivirus.
  • Update your software. Examples include Windows Updates, Oracle Java, Adobe Flash, and web browsers (Firefox, Chrome).
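To make the "test your backup recoveries" item concrete, here is an added example (not from the original post) in POSIX shell: it takes a dated snapshot of a folder, restores that snapshot into a scratch directory, and proves the restore by comparing every file's checksum against the live data. Paths and the sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original post: snapshot a folder and
# prove the snapshot actually restores before you need it.
set -eu

# backup_snapshot SRC DEST_ROOT STAMP: full copy of SRC into DEST_ROOT/STAMP.
# Keeping one directory per date gives the "file revisions" to roll back to.
backup_snapshot() {
    src=$1; dest_root=$2; stamp=$3
    mkdir -p "$dest_root/$stamp"
    cp -R -p "$src/." "$dest_root/$stamp/"
}

# checksum_tree DIR: one "crc size ./relative/path" line per file, sorted so
# two trees with identical content produce identical output.
checksum_tree() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        cksum "$f"
    done )
}

# verify_restore SNAPSHOT SRC: restore SNAPSHOT into a scratch directory
# and return 0 only if every restored file matches the live data in SRC.
verify_restore() {
    snapshot=$1; src=$2
    scratch=$(mktemp -d)
    cp -R -p "$snapshot/." "$scratch/"
    if [ "$(checksum_tree "$scratch")" = "$(checksum_tree "$src")" ]; then
        rm -rf "$scratch"; return 0
    fi
    rm -rf "$scratch"; return 1
}

# Demonstration on constructed sample data.
work=$(mktemp -d)
mkdir -p "$work/live/accounts"
printf 'Q2 invoices\n' > "$work/live/accounts/invoices.csv"
printf 'staff list\n'  > "$work/live/staff.txt"

stamp=$(date +%Y-%m-%d)
backup_snapshot "$work/live" "$work/backups" "$stamp"
verify_restore "$work/backups/$stamp" "$work/live" && echo "restore test passed"

# Later the live copy is overwritten with unreadable content, as an
# encrypting infection would leave it; the snapshot no longer matches,
# which tells us the snapshot is the clean copy to roll back to.
printf 'garbage\n' > "$work/live/accounts/invoices.csv"
verify_restore "$work/backups/$stamp" "$work/live" || echo "live data diverged; roll back from $stamp"
rm -rf "$work"
```

Run it on a real folder by replacing the constructed `live` directory with your data and `backups` with the offline or offsite drive; a restore test that is never run is the one that fails when it matters.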

It's quite likely you will become a victim at some stage; the time to prepare is now!