Cryptolocker: Malware Just Got a Bit Nastier!

Traditionally, the kinds of virus and malware we see on client computers are fairly benign. While they may disrupt the flow of business, they are generally not destructive. They may require a computer to be formatted and reinstalled, but as a rule of thumb the irreplaceable data is left intact. They can be quarantined and cleaned. A new piece of malware called CryptoLocker has changed that. You may have heard about CryptoLocker on the news recently, as it represents a change in the way that virus and malware creators are operating.

What is CryptoLocker?

[Image: example of traditional “ransomware”]

CryptoLocker is part of a family of malware called “ransomware.”  “Ransomware” is a program that maliciously takes over your computer and demands a ransom before it gives back control. The goal is to trick users into giving the malware writers money in exchange for returning the “normal” use of their computers. This ransom should NEVER be paid under any circumstances.

CryptoLocker alters this strategy: rather than just making your computer difficult (or even impossible) to use, it automatically encrypts any data it can find on any physical or mapped network drive. The malware then notifies you that the only way to decrypt the data is to pay a ransom, after which you will receive the decryption key. There is a countdown timer, and the key will be destroyed forever if the files are not decrypted before the time runs out.

Is It As Bad As It Sounds?

[Image: example of CryptoLocker]

The reality is that this may actually be worse than it sounds. There is simply no way to decrypt the data without that key, and paying the ransom is no guarantee that you will actually receive the correct key. Unfortunately, once the data has been encrypted it should be considered lost forever. The only way to retrieve the data is to restore it from backups or through the Windows Previous Versions feature (if it is enabled).

Can I Prevent It To Begin With?

The good news is that this malware is very avoidable. A standard rule of internet safety is to NEVER click on a link or file that you did not expect to receive. CryptoLocker is typically distributed via an email that pretends to be from a reputable company such as a shipping company (UPS, FedEx, etc.) regarding a customer support issue.  If you receive one of these emails either delete it immediately or reach out to a member of the ISOutsource support team. We can help determine if the email is legitimate.

Are There Any Other Precautions I Should Take?

The old saying is true, “An ounce of prevention is worth a pound of cure!”  Preventions in this case just happen to be great standard practices:

1.  Make sure all antivirus/malware software is up to date.  

This may not keep you protected 100% of the time due to the changing nature of virus and malware software, but it is a great place to start.

2.  Regular monitoring and testing of your backups.

Your backups are only as good as your ability to restore from them. The integrity of your data and your ability to restore it when needed should be regularly put to the test. How? First by making sure that all backup jobs complete properly. Secondly, by testing backups to make sure that data can be successfully retrieved.

3.  Consider a desktop backup solution.

If users are allowed to keep data locally (on their computer), you may want to consider a local backup solution for every computer that has data on it. Web-based solutions are a cost-effective way to ensure that local data is being backed up.

4.  Review current data policies

Since CryptoLocker can only encrypt files that the infected user has permission to write to, users should be organized into security groups and data shares should be locked down so that only the users who genuinely need write access to a share have it.
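One way to find shares that are wide open to this is to audit their NTFS permissions for broad groups that hold write or delete rights. The following PowerShell script is an added example, not part of the original post or an ISOutsource tool; it assumes it is run with administrative rights on a Windows file server where the SmbShare module is available.

```powershell
# Added example: list every non-administrative SMB share on this server and
# report access control entries that let broad, well-known groups create,
# overwrite or delete files. Any such entry lets an infected user's PC
# encrypt the share, because the malware writes with that user's rights.
# Assumes administrative rights and the SmbShare module (Server 2012+).

# Broad principals that should rarely hold write access on a data share.
$BroadPrincipals = @(
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'BUILTIN\Users'
)
if ($env:USERDOMAIN) { $BroadPrincipals += "$env:USERDOMAIN\Domain Users" }

# NTFS rights that allow writing or deleting, as an integer bit mask.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles'
# Inherited ACEs sometimes carry generic rights instead of specific ones.
$GenericWriteMask = 0x40000000 -bor 0x10000000   # GENERIC_WRITE | GENERIC_ALL

$findings = foreach ($share in Get-SmbShare | Where-Object { -not $_.Special }) {
    $acl = Get-Acl -Path $share.Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        $rights = [int]$ace.FileSystemRights
        $canWrite = (($rights -band $WriteMask) -ne 0) -or
                    (($rights -band $GenericWriteMask) -ne 0)
        if (-not $canWrite) { continue }
        [PSCustomObject]@{
            Share     = $share.Name
            Path      = $share.Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No broad write permissions found on non-administrative shares.'
}
```

Each row in the output is a share where a group such as Everyone or Domain Users can modify files; replace those entries with a narrower security group that contains only the users who need to write there.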


What if I Am Infected?

If you ever suspect that a computer you are using has become infected, start by removing it from the network. In the case of a physical connection, unplug it from the network. In the case of wireless, simply turn off the wireless. If you are at all concerned, call ISOutsource IMMEDIATELY and we will be able to help you.


If you have any questions or concerns, call us today! ISOutsource has been keeping our clients happy, productive and supported through these kinds of issues for over 21 years.

Toll Free: (800) 240-2821 Press Option 1. 
