Ransomware infecting Sage 100

We want to make you aware of a relatively new ransomware virus called LeChiffre.  This ransomware virus appears to be more malicious than others reported in the past. We are seeing it infecting both Sage 100 Data and Program files (*.m4p, *.pvc, *.m4t, etc.).

[feature_box_creator style="1" ] For more details see the Sage Support document concerning this virus which Sage posted on Monday January 18, 2016 LeChiffre Ransomware Virus.[/feature_box_creator]

If you do become infected you will note filenames that end with .LeChiffre and Sage 100 will not operate.  You basically have two options to resolve the infection.  You can pay the ransom to get your files unlocked or you can remove the virus from all affected hardware and then restore from backup prior to the infection.  If you do not have a backup and get the virus, your Sage 100 data and programs may become damaged and unrecoverable.

Now is also a good time even if you are not infected, to review your backup procedures and make sure that you have good backup procedures in place.  Some recommendations related to backups are listed below.

• Make sure your data and program files are backed up regularly and restoring of the backed up data is tested.
• Don’t have one backup that gets overwritten every day.  Keep multiple day backups so if one backup is infected you can restore from a previous day which is not infected.
• Always make sure your backup is “disconnected” from the network, since viruses tend to follow mapped drives to spread the infection to other machines in the network.
• Make sure that the backup drive is not available to user workstations as most virus infections start on a user workstation and spread across the network.

As always if you have questions or need assistance, please feel free to contact our support team at 717-735-9109 option 4 or via email at support@rklesolutions.com.