PDFs can deliver Ransomware

This may be common knowledge to some, but many people I meet don’t seem to know of the risks when it comes to PDF files.

People often know how risky it is to open Word documents and website links from unknown sources, but many don’t know that PDF files can be just as dangerous, if not more so.

Recently one of my Malaysian clients contacted me. “Steve! All of our spreadsheets are matrix files.” It’s at times like this that you really hope last night’s backups ran smoothly. A quick check showed that they had. I told them to turn off all machines with access to that folder and set off to their office.

It turned out that an old PC that had been brought out of retirement no longer had a valid license for the antivirus and so had not received any updated virus definitions.

The person who handled the accounts had received an email earlier that day with a PDF attachment. It looked innocent enough, and of course they receive such emails every day. As usual they had clicked on the PDF, but it did not open. It was forwarded to a colleague, whose PC instantly flagged it as a virus. Unfortunately the damage had already been done: every Excel spreadsheet on the server had been encrypted to a .matrix file, and a friendly warning appeared on the screen stating that all their files had been locked unless they paid a ransom in the form of bitcoin.

Currently there is no decryption tool for this ransomware, and I refuse to allow these people to be paid for their crimes, so we rolled back to the backup. Luckily it had been a quiet day and nothing had been lost. Everything was settled within an hour.

The moral of the story is, you MUST have good antivirus protection that is up-to-date and you MUST have frequent backups.

As a side note, backups must be on a device that is not directly accessible to the PC itself. Having a USB drive plugged in permanently and backing up to it is great should you have a hard disk failure, but with ransomware, your backup will be encrypted too.

