News & Events


A new ransomware attack is underway world-wide, already targeting 20 million plus victims in the first few days. Here are the key facts to date:

  • Attack comes via email from Herbalife confirming an order or from a more generic "copier@______" address
  • Email includes an attachment which when opened launches the ransomware
  • There may be as many as 8,000 variants of the email messages
  • No victims that have paid a ransom have received a decryption tool thus far 

What to do?

First, get the word out to everyone in your organization to be on the lookout for the Herbalife or "copier" email. Make sure all your associates are especially vigilant while this attack is underway and that they do not open attachments in emails, even if they are not one of the identified variants. 

Second, ensure you have offline backups of all your critical data so that if you become a victim, you can recover.  Shadowed or mirrored backups will likely be infected by the malware. Only backups that are offline from your primary systems can be used to recover from a ransomware attack. 

Third, make adjustments to your incident response plan as necessary to prepare for this latest attack. If you do not have an incident response plan, you should immediately begin developing one. 

UHY Advisors is committed to helping our clients and affiliates prepare for and mitigate cybersecurity events like this latest ransomware attack. If you are unsure about your company's preparedness to handle an incident like this one, please reach out to your local UHY Advisors office and ask to speak to a cybersecurity expert.