N/A

Will You Pay The Ransom to CryptoLocker?

CryptoLocker has extorted millions of dollars from victims - people like you. Crytolocker infects personal and business data on your computer. To date there is no known cure. Only prevention.

Don't let CryptoLocker trick you. Infection is a very serious threat to your personal and business files. The most dangerous threat in many years.

This email is for YOU, not just for your IT support people.

CryptoLocker infects your computer and encrypts your files to make them unreadable. After performing the dirty deed of encryption, CryptoLocker demands that you pay a ransom for the decryption key to restore your files. While you are deciding whether or not to pay the ransom, you cannot read your own data!

What makes CryptoLocker particularly menacing is that there is currently no known way to recover your files without the decryption key (other than a reinstall and restore process). Compounding the menace, CryptoLocker is very clever at tricking victims to download this infection.

To date, CryptoLocker spreads mainly through email attachments and through already infected PCs. CryptoLocker also can infect from malicious or infected websites.

CryptoLocker targets many file types including documents, spreadsheets, databases and images.

Once your PC is infected, CryptoLocker searches for files to encrypt on all drives and in all folders it can access from your computer. This includes network files, DropBox, cloud storage, and more. One infected PC on your network could potentially bring down your entire company.To learn more about the ransom and what you can do to prevent CryptoLocker from infecting your computers

Of course, you may be able to restore your files from backup--if you have a current and usable backup. 

The Ransom

What if you decide to pay the ransom?

The price to unlock your files varies depending on the type of currency accepted. Originally, the price was set at about $300 and you had 72 to 96 hours to send money to the criminal -- usually via Bitcoin, to thwart traceability. 

If you fail to pay the ransom in that timeframe, you get a second chance--but the ransom rises to $2,000 or more.

Should you decide to pay the ransom, you are still vulnerable.

To unencrypt your files, the criminals require you to install a “utility”. The utility does unencrypt your files, but it may also reinstall CryptoLocker! Who knows when the crooks might ask for another ransom.

Although CryptoLocker is the first ransom ware to use strong, irreversible encryption, it won’t be the last. CryptoLocker continues to evolve. The next variant is likely to be even more clever at tricking you into 'opening the door' to your PC.

Recovery from CryptoLocker

Though CryptoLocker can be removed, the encrypted files remain.  

Unfortunately, the best road to recovery is to completely wipe the PC and reinstall of Windows.

You would then restore data from a backup that was made pre-infection. Obviously, this restore process is not pleasant to contemplate. There are many potential complications to consider.

The  irreversible damage that CryptoLocker can do to your data reminds us of the following lessons to be learned and relearned.

  • Implement preventative defenses before you are infected. (See Below)

  • Design, deploy and test a multi-level backup and recovery strategy.

Because CryptoLocker crawls any network shares accessible by the infected PC, it is critical that your backup strategy include the ability to recover older versions of files from non-infected storage (typically off-site).

Now is a good time to assess what data your users are storing locally and how much it would cost to recover that data should it become completely inaccessible.

If you want help implementing preventative defensives or a modern backup strategy, This email address is being protected from spambots. You need JavaScript enabled to view it.,

Defenses to Help Prevent CryptoLocker (and other Malware) Attacks

Fortunately, there are ways to minimize the threat that CryptoLocker (or other malware) will infect your network

For our clients, we recommend a layered approach to security. This includes:

    1. Endpoint Protection, which includes 'antivirus' software. The best products detect and block known versions of malware. They also identify newer variants; blocks exploits; and prevent “drive-by” infections by blacklisting known malicious websites.

    2. Perimeter protection.  (firewall/routers with anti-malware software). These products also reduce the risk of infection. No endpoint (anti-virus) software is 100% effective.  Perimeter protection is the next layer of defense.

    3. Replace discontinued operating system or software that is no longer being supported by the manufacturer. For example, after April 8, 2014 Microsoft is discontinuing support for Windows XP and Office 2003. Therefore, Microsoft will no longer send security updates to help protect against malware and other security compromises. If you are using these products, you will be an easy target for CryptoLocker, identity thieves and other crooks.

    4. Proper network maintenance such as applying the latest updates to your computers, cleaning up unnecessary temporary files, etc.

    5. User Training and awareness.Train your users on and yourself on proper “netiquette” and security procedures. This includes training on best practices for using email, paying attention to attachments and embedded links, and surfing websitesMany security breaches use 'social engineering' to bypass sophisticated hardware and software barriers. Social engineering involves enticing or tricking end-users to click on dangerous links or to compromise password security.

    6. Ensure that your employees do NOT have administrator privileges on their local workstations. (Exceptions apply). Most viruses propagate using the administrator install credentials. Guest users should not have the install privilege. In fact many careful IT professional will take away from themselves administrative privileges on the Login ID they use for day-to-day work.They will setup a separate Login ID for tasks requiring administrative privileges.  With this approach, they reduce the risk of inadvertently 'opening the door' for malware.

    7. Create a multi-level backup and recovery strategy. Retain multiple  versions, rather than just backing up the latest version. Ensure that the backup strategy includes both on-site and off-site options. Create policies that include performing test restores on a regular basis.

    8. Implement daily 'alert' emails of backup status (success/failure). Configure to send those emails not just the IT department, but also to a senior executive or business owner.For a blog article on these  status alerts, click here.

Resources for this article include: BleepingComputer.com, nakedsecurity.sophos.com, darkreading.com and blog.malwarebytes.org

 

ABOUT MBSG

We design and support the sytems that run your business.

MBSG Services Include

  • IT Consulting -- design and support of IT infrastructure on the ground and in the cloud.

  • Accounting software and everything it connects with.

  • Financial and Operational reporting tools.

  • Work Flow Automation and simplification.

    www.mbsg.net    This email address is being protected from spambots. You need JavaScript enabled to view it.  818 865-1373