28 May

Best practices to avoid CryptoLocker Ransomware

CryptoLocker Ransomware earned 30 million $ in just 100 days

I noticed lately that more and more people I know are aware of the CryptoLocker virus. Not as much as my colleagues, for sure, but each time I mention it, there is at least someone that knows somebody that got this “new” ransom virus that locks all their documents.

It usually spreads via email, such as from your clients, family members, FedEx, banking, credit card, UPS, the electric company. I even got a malware email last week, it came from an inside email address, with a zip attachment saying that I received a voice message. It almost got me, but I remembered that our voice message’s notifications came in mp3s and not in zip files. This virus is harmless as long as the attachment isn’t opened and the email is just deleted, but the truth is that can be very tricky: everyone can get fooled.Crypto-Bang

But what if you do open it… not a good news I’m afraid, as your options are limited:

  • All your documents will be encrypted and impossible to access,
  • All the documents on the network locations you have access to will be encrypted.
  • A pop-up widow will inform you that you have 72 hours to pay 100$ to 300$ in ransom,
  • If you don’t pay they will destroy the private key and your data will by encrypted forever.Cryptolocker_ransom_popup

They even provide Customer Support to Help with the Ransoms payment

So far, there’s still no reliable way to decrypt the files except with the private key that hackers hold. So once you have been infected, you have two choices to have access to your data:

  • Restore your system or
  • Pay the ransom

In the event that your company decides to go with the payment, the hackers will provide an untraceable payment option. Hilarious as it may be, they even provide customer service support to help victims pay the ransoms. Once the payment is completed, you are supposed to receive the private key to unlock the files. But there’s no guarantee, in most cases people do receive the key.

Quite often, opening an email attachment from a regular sender that might have escaped your attention, can infect your computer and network shares in a matter of minutes.

The common practice, so far, is to restore the encrypted data from the most recent backup available. At this point, in order to make sure that the loss is minimal, you should ask your IT Admin a few questions:

  • Do we have a Disaster Recovery Plan?
  • Do we backup your data at least daily, or multiple times daily?
  • Do we have backups in an off-site location?

If you answered no for any of these questions, you should take immediate action. Make an appointment with one of our DR specialists.

In the case of CryptoLocker, “better safe than sorry” is the best plan, so I put together a slide of what you can do to minimize CryptoLocker from hitting you network.Bang_CryptoLocker_Guidelines

If you find this kind of material useful considering following us on LinkedIn. You can find out more about us at
www.bang.ca.

Want to know more about Disaster Recovery Plan and Backup options? Give us a call at 514-949-2336.

Share this