CryptoLocker-style malware is probably one of the nastiest, most sinister criminal activities ever to grace cyberspace. Here is a quick rundown in case you’re unfamiliar with this threat.
CryptoLocker is a piece of software that, once installed, encrypts specific data types. Typically it looks for Office documents, accounting files, databases – the sort of files your business relies on. It encrypts every matching file it can reach with the infected user’s permissions, including files on other machines such as servers or network shares that user can write to.
Once the encryption is finished the user is presented with a dialog box demanding payment for the key to decrypt the files. There is a countdown timer and a note saying that if payment isn’t made before it reaches zero the key will be deleted and the data lost forever. Normally the ransom demand isn’t that much – about US$100-$500 seems the norm – so the temptation to simply pay and clean up afterwards is very real. Of course they demand payment in Bitcoin, which is pseudonymous and very hard to trace back to a person.
Nobody likes paying a ransom, and we strongly advise that you don’t: it simply funds the problem. Even if you pay there is no guarantee your files will be decrypted, nor that you won’t be infected again shortly afterwards and have to pay again.
Our advice is prevention. Understanding how these programs can get onto your system allows you to develop a very strong and effective defence.
Nearly all infections we’ve come across arrive by email. A spam message turns up with a link to download an invoice, statement, fine, delivery notice etc. It looks like you’re downloading a Word or PDF document, but the file is actually the malware: typically an executable dressed up with a document icon or a double extension such as Invoice.pdf.exe, which Windows displays as Invoice.pdf because it hides known extensions by default. Once the user opens it, it’s too late; the damage is underway.
You need to make sure you’ve got ALL of these defences in place:
- A state-of-the-art anti-spam gateway will stop most of these messages from arriving in the first place. Make sure no email reaches a workstation without passing through it: block web-based mail services on the company network so staff can’t fetch mail that bypasses the gateway.
- A behaviour-based anti-virus solution that judges unknown software by what it does (for example, rapidly rewriting large numbers of documents) rather than by comparing it against an ever-growing database of known viruses.
- Effective backups that staff can’t reach from their workstations. If the backup location is just another share the infected user can write to, the backups will be encrypted along with everything else and will be useless; keep them offline or on storage that only the backup account can write to, and test a restore so you know they work.
- Train your staff about the dangers of clicking on links or opening attachments from unknown or unexpected sources.
- Develop a disaster recovery plan that covers this scenario so that, if one of the above preventions fails, business interruption is kept to a minimum.
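As an added example (not code from the original post), the following Python routine shows the kind of check an email gateway from the first bullet would apply to the lure described above, whether the file arrives as an attachment or is fetched from the link: it flags executable file types, the double-extension trick (Invoice.pdf.exe), executables hidden inside a zip, and files whose bytes mark them as a Windows executable while their name claims to be a document. The sample file names, their byte contents and the extension lists are constructed for this example; a real gateway would pair a check like this with its spam scoring rather than rely on it alone.

```python
import io
import os
import zipfile

# File types that CryptoLocker-style lures actually are, whatever icon they show.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".js", ".jse", ".vbs", ".vbe", ".wsf"}
# File types the lure claims to be.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt"}
ARCHIVE_EXTENSIONS = {".zip"}


def split_extensions(filename):
    """All extensions of a name, lowercased: 'Invoice.PDF.exe' -> ['.pdf', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]]


def classify_name(filename):
    """Return a reason to block based on the name alone, or None if the name is fine."""
    exts = split_extensions(filename)
    if not exts or exts[-1] not in EXECUTABLE_EXTENSIONS:
        return None
    # Windows hides the last extension of known types by default, so
    # 'Invoice.pdf.exe' is shown to the user as 'Invoice.pdf'.
    if any(e in DOCUMENT_EXTENSIONS for e in exts[:-1]):
        return f"double extension disguises executable as document: {filename}"
    return f"executable attachment: {filename}"


def scan_attachment(filename, data):
    """Scan one file (name + raw bytes). Returns a list of reasons to block; empty means deliver."""
    reasons = []
    by_name = classify_name(filename)
    if by_name:
        reasons.append(by_name)

    exts = split_extensions(filename)
    outer = exts[-1] if exts else ""

    # Look inside zip archives: the classic lure is 'Invoice.zip' holding 'Invoice.pdf.exe'.
    if outer in ARCHIVE_EXTENSIONS:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    inner = classify_name(os.path.basename(member))
                    if inner:
                        reasons.append(f"inside {filename}: {inner}")
        except zipfile.BadZipFile:
            reasons.append(f"{filename} claims to be a zip but cannot be parsed")

    # Content check: a Windows executable starts with the 'MZ' header regardless of
    # what the file is called, so a 'document' whose bytes start with MZ is lying.
    if data[:2] == b"MZ" and outer in DOCUMENT_EXTENSIONS:
        reasons.append(f"content is a Windows executable but name claims {outer}: {filename}")
    return reasons


def build_zip(members):
    """Helper to construct an in-memory zip from {name: bytes} for the sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachments for this example (not real malware; the 'MZ' bytes
# are just the two-byte header that marks a Windows executable).
SAMPLE_ATTACHMENTS = {
    "Invoice_0413.pdf": b"%PDF-1.4 genuine-looking document",
    "Statement.pdf.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "Delivery_Notice.zip": build_zip({"Delivery_Notice.pdf.exe": b"MZ\x90\x00"}),
    "Fine.doc": b"MZ\x90\x00" + b"\x00" * 60,
    "Report.zip": build_zip({"Report.docx": b"PK harmless document"}),
    "Broken.zip": b"not actually a zip file",
}


def screen_all(attachments):
    """Run the gateway check over every attachment; returns {name: [reasons]}."""
    return {name: scan_attachment(name, data) for name, data in attachments.items()}


if __name__ == "__main__":
    for name, reasons in screen_all(SAMPLE_ATTACHMENTS).items():
        verdict = "BLOCK" if reasons else "deliver"
        print(f"{verdict:8} {name}")
        for r in reasons:
            print(f"         - {r}")
```

Running the script prints a verdict per file: the genuine PDF and the zip holding a real document are delivered, while the double-extension file, the zip hiding an executable, the executable named as a document and the unparseable archive are all blocked. A filter like this catches the disguise, not every malicious file, which is why it complements rather than replaces the behavioural anti-virus in the second bullet.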
Of course if you would like to have your network assessed for its exposure to this threat please don’t hesitate to contact us.