One of the biggest threats to the security of any business network is malware. There are many different forms of malware out there that can infect systems in a nearly unlimited number of ways. In the past few weeks there have been numerous stories about CryptoLocker - a new form of ransomware that is proving to be a problem for many companies.
Knowledge is power so finding out more about CryptoLocker is recommended, as well as how you can take steps to protect your systems.
What is CryptoLocker? Ransomware is a virus that locks important files or systems and requests that users pay a ransom to unlock them. This is not a new form of malware, but there has been a recent resurgence and CryptoLocker is leading the way.
This particularly nasty piece of malware infects user systems and locks files, threatening to delete them unless the hacker is paid. It is being spread four different ways:
- As an email sent to company addresses pretending to be from customer support from FedEx, UPS, DHL, etc. The virus is attached to the email, usually labeled as a tracking number.
- In PDF documents that are attached to emails.
- Via hacked websites that can exploit computer vulnerabilities to install the infection.
- Through trojans that pretend to be programs you need to download in order to watch videos online.
What happens if I get infected? If your system is infected your files will be encrypted and a pop-up message displayed informing you that your personal files have been encrypted and that in order to get the key to unlock them (the private key) you need to pay up to USD$300, or a similar amount in another currency. This amount seems to change and has increased, with older versions asking for USD$100.
You will also see a timer counting down from 100 hours. If this reaches zero, your encrypted data will be deleted with a very slim chance of the files being recoverable. The preferred method of payment is in BitCoins - a digital currency. The pop-up window has instructions on how to submit the payment - usually through an online payment method like Green Dot - MoneyPak.
The good news is, once you submit the payment, you will receive a key you can enter to unlock your files. The hackers have said that they won't re-infect systems, and network security companies have confirmed that so far, this has been the case.
While many up-to-date virus and security scanners will pick up CryptoLocker, most won't be able to recover or decrypt files even if the malware itself is deleted. If you see the pop-up window, it's probably too late.
How do I prevent CryptoLocker from infecting my systems? This is a serious piece of malware that should not be taken lightly. If you are worried about your systems being infected, here are five things you can do to prevent that from happening:
- Be proactive - It is a good idea to educate yourself and your staff about this piece of malware and even implement and reinforce a no installing your own software rule. Also, having a backup and disaster recovery plan in place and functioning will go a long way in limiting the damage this program can do.
- Check your emails closely - Closely look at every email that comes into your inbox. Pay attention to who sent it, the body text and even the subject line. If you see a slight spelling mistake in the name or even in the address e.g., email@example.com, you should be careful or maybe just immediately delete the email.
- Beware of attachments - Always look at your attachments. If you get an email with an attachment from any sender you don't personally know don't open it. If you get an attachment from people you do know, but it isn't something they would normally send, don't open it. For all other attachments, try confirming that the file attached is in fact legitimate by asking the sender.
- Backup your data - Be sure to always backup your data on a regular basis. If you backup files on a daily or even weekly basis and are infected, you can easily wipe your hard drives and start again without losing much in the way of data.
- Know what to do if infected - If you are infected the first thing you should do is disconnect from the network to limit the chance of the virus spreading to other systems. If you have backed up your system and data, you can probably revert your system. If not, your best plan of attack would be to contact us to see if we can help, as we may be able to get around the encryption or even delete it.