Receive a message in the inbox with notice of receipt of a certified and kill all encrypted files our company and without access letter. This may result in many companies if they have the necessary care, since it seems that the return from vacation we have a new wave of ransomware using a false message Post.
Its operation is simple. We warn us that we have to collect a registered letter that has not been able to deliver. It provides a link for additional information about the shipment we have pending collection. This is the bait to kill infected. At this point if we have any doubt rather than trust an email, better look at our mailbox, portal, where the postmen trying to make the delivery of a registered letter left guards, or even ask our office.
The link will take you to a page that supplants the Post Office to complete the deception where downloading of information. This is an archive in Zip, within which is another who will be responsible to download the file that will handle our files encrypted format.
If despite all those warnings have downloaded and run the file and we realize it is important to disconnect the network cable to isolate the computer and turn it off as soon as possible. Once this is done we have to check for damage on shared folders that could access this equipment, usually located on the server or on other computers in the office.
If we have been very quick damage may have been minimal and remain only on our team. If you will most likely not we have to recover from backups. The team that has caused the infection it is best to format it to be absolutely sure that we have deleted the file that has infected us.
Otherwise we can not rest easy because in a few months could create another variant virus activated again in our systems. Anyway it is not the usual mechanics, because what the attackers is seeking companies to pay an amount to recover encrypted files, and if they did the first time, nothing indicates that re-do the second.