Hackers appear to be targeting firms in the promotional products industry with malware that can disrupt and paralyze companies’ computer networks, email and phone systems. Counselor has confirmed that at least several industry businesses have been targeted or affected, and it’s possible more industry firms have been impacted.
The virus comes in an email that can purport to be from a customer. In an example shared by High Caliber Line (asi/43442), the email asks the recipient to click on a link to complete a form related to shipping information. Clicking the link, which can come in a PDF, launches the virus. “It spreads very rapidly throughout your computers and your servers,” says Les Dorfman, executive vice president of High Caliber Line, an Irwindale, CA-based firm that was preyed upon by the virus. “I’ve been in the industry for 35 years, and this is probably the worst virus I’ve ever seen. No one should click that link.”
This scam email message invites recipients to click on a virus-infected link. DO NOT CLICK IT!
Top 40 supplier Hub Pen Company (asi/61966) was among the other industry firms subjected to the malware. “We got it twice,” said Hub Pen’s Pamela Baker, noting the attacks occurred about a month ago. “We have a great IT team though and they remedied the situation before it debilitated our systems.”
The virus first attacked High Caliber Line Thursday. The supplier’s IT team spent 13 hours battling it back, and High Caliber Line was able to keep up with orders by working throughout Friday and Saturday. Then, on Monday, the virus was accidentally launched a second time within High Caliber Line’s system. The IT pros again fended it off, while High Caliber Line utilized manual processes to fulfill customer orders. High Caliber Line’s system was back up and running Tuesday. “It’s very dangerous malware. Everyone in the industry needs to be aware that this is out there,” said Dorfman.
According to the IT team at High Caliber Line, the malware is a “TrickBot” virus that injects itself directly into a computer and quickly spreads through a system. It generates and rapidly downloads other viruses that can shut down computers or crash them to a blue screen. The tech pros at High Caliber Line said the virus has the capacity to cripple a large network for two to four days. They note that one place the infection can hide is in the “C Windows” directory, where it could take the form of an executable file with a long name ending in “.exe”.
The virus could also lurk in the “system recovery directory” in a similarly formatted file, according to High Caliber Line’s pros. A third place the infection could be hiding is in the “net defender” folder, which can be reached by going to the “C-Drive,” selecting current user, then going to the app data folder, followed by the roaming folder, and then into net defender. A file with the ending “tttvc.exe” is one of the file types the virus generates.
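The hiding places described above can be turned into a quick triage check. The Python script below is an added example, not code from High Caliber Line or Counselor; it covers the Windows directory and the “net defender” folder only, because the “system recovery directory” is not described precisely enough to map to a path. The on-disk spelling of the folder, the 20-character threshold for a “long” file name and the sample directory tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

SUFFIX = "tttvc.exe"    # file ending reported in the article
FOLDER = "netdefender"  # "net defender"; exact on-disk spelling is an assumption
LONG_STEM = 20          # assumption: minimum length of a "long" executable name

def _children(path):
    try:
        return list(Path(path).iterdir())
    except OSError:  # missing, not a directory, or access denied
        return []

def scan(root):
    """Return sorted (reason, path) findings under a drive root or mounted image."""
    root, hits = Path(root), []
    # 1. Long-named executables sitting directly in the Windows directory.
    for f in _children(root / "Windows"):
        if f.suffix.lower() == ".exe" and len(f.stem) >= LONG_STEM and f.is_file():
            hits.append(("long-exe-in-windows", str(f)))
    # 2. Executables under <user>/AppData/Roaming/<net defender>.
    for profile in _children(root / "Users"):
        for folder in _children(profile / "AppData" / "Roaming"):
            if re.sub(r"[^a-z0-9]", "", folder.name.lower()) != FOLDER:
                continue
            for base, _dirs, files in os.walk(folder):
                for name in files:
                    if name.lower().endswith(".exe"):
                        tag = "tttvc-suffix" if name.lower().endswith(SUFFIX) else "exe-in-net-defender"
                        hits.append((tag, os.path.join(base, name)))
    return sorted(hits)

def make_sample(root):
    # Constructed tree of empty files; names are invented for the dry run.
    for rel in ("Windows/notepad.exe", "Windows/qwertyuiopasdfghjklzxcvb.exe",
                "Users/alice/AppData/Roaming/Net Defender/abctttvc.exe",
                "Users/alice/AppData/Roaming/Net Defender/helper.exe",
                "Users/bob/AppData/Roaming/Zoom/zoom.exe"):
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()

if __name__ == "__main__":
    demo = tempfile.mkdtemp()
    make_sample(demo)
    for reason, path in scan(demo):
        print(reason, path, sep="\t")
```

To check a real machine, call `scan()` with the drive root or the mount point of a disk image instead of the sample tree. A hit is a lead for the IT team to investigate, and an empty result does not by itself clear a machine.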
Dorfman said he is proud of his IT team for quickly and successfully combatting the virus given the widespread havoc it can cause. “We have a very sophisticated IT team that did a great job beating this,” Dorfman said.