CryptoLocker, a new “ransomware” virus, began making the rounds several months ago. But a particularly virulent strain of the infection popped up in mid-September, affecting individuals and business owners alike.
The malware takes hold in a variety of ways: after a user clicks on a link or attachment in a spam email; via exploit kits on hacked websites; or through Trojans that pretend to be required programs to view online videos. Once installed, CryptoLocker scans a computer’s local and network drives, encrypts over 50 different file types, and then demands anywhere from $100 to $300 to decrypt them.
Unfortunately, without remotely backed-up versions of files — backups connected to an infected computer can be compromised too — many security experts, even if they hate to admit it, say that paying the ransom provides the only recourse to recover lost files. To initiate and execute the decryption, which many users and techs say can take hours (and isn’t always failsafe), CryptoLocker hackers are requiring payment through MoneyPak prepaid Green Dot debit cards. That’s good for infected users — no credit card information has to change hands — but bad for law-enforcement officers, who lose a valuable tool in tracking the cybercriminals.
Tech experts say the CryptoLocker virus has stumped the IT community for a variety of reasons:
Most anti-virus programs are so far ineffective at blocking it — and many don’t even notice the virus until it’s silently installed.
Even backing up files, removing the virus, and then reformatting a machine still leaves the backed-up files locked down by encryption.
Since decryption requires access to both public and private encryption keys, researchers haven’t discovered an easy way to recover CryptoLocker-affected files without paying the ransom.
Failure to pay the ransom within 72 hours of infection often results in the CryptoLocker decryption tool being permanently deleted from a machine.
Rumors flying around the tech world state that the virus has even infected FBI servers and caught the attention of the NSA.
So what can you do to avoid data loss and infection by CryptoLocker?
The first step is to avoid infection altogether. Prevention is ideal, but if CryptoLocker encrypts your business’s files, having a solid remote backup and disaster recovery plan in place will help you minimize the damage. Just try to imagine what would happen to your business if all of its important files were suddenly locked down with no hope of getting them back.
Never open ANY attachment from ANY sender you don’t recognize. Malware attempts can be sneaky, arriving in the form of what look like Facebook, LinkedIn, shipping, or banking notifications with vaguely named attachments. NEVER open an attachment unless you know the person sending it to you and you’re expecting a file on the topic mentioned.
Hover over ANY link from ANY unfamiliar email before clicking on it. Most email applications and online browser-based services allow you to preview a link by moving your cursor over it. If the domain name that appears has no connection to the sender of the email — or appears as an incoherent list of letters and numbers — it’s probably not safe to click. Any legitimate email from an organization will redirect you to a link with that company’s actual domain name in the URL address.
If you do click on something unsafe and receive a CryptoLocker message, disconnect from your network connection immediately. While this won’t save your computer and files from infection, it could spare any network your machine is connected to from suffering the same fate.
Implement a remote backup and disaster recovery plan. While most businesses think of natural catastrophes like hurricanes or tornados when considering the scary prospect of data loss, the CryptoLocker ransomware virus proves that such havoc can be wreaked from a multitude of seemingly benign sources. That makes a service like CMIT Guardian essential to keep your business protected.
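The hover check from the tips above, automated as an added example (not part of the original article): it pulls each link's real target out of an HTML email and flags those whose domain differs from the sender's or looks like a random string of letters and numbers. The function names, the two-label domain comparison and the 10-character threshold are assumptions made for illustration, and the sample message is constructed.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []  # real link targets, i.e. what hovering reveals
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith(("http://", "https://")):
            self.hrefs.append(href)

def base_domain(host):
    # Assumption: last two labels form the registrable domain (no Public Suffix List).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def looks_incoherent(host):
    # Heuristic (assumption): a long label that mixes letters and digits.
    return any(len(label) >= 10 and any(c.isdigit() for c in label)
               and any(c.isalpha() for c in label) for label in host.split("."))

def suspicious_links(raw_email):
    msg = message_from_string(raw_email, policy=policy.default)
    sender = base_domain(parseaddr(str(msg["From"]))[1].rpartition("@")[2])
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    findings = []
    for href in collector.hrefs:
        host = urlsplit(href).hostname or ""
        reasons = []
        if base_domain(host) != sender:
            reasons.append("domain differs from sender")
        if looks_incoherent(host):
            reasons.append("random-looking host name")
        if reasons:
            findings.append((href, reasons))
    return findings

SAMPLE = (  # constructed message using reserved example domains
    'From: "Parcel Service" <notify@example.com>\n'
    'Content-Type: text/html; charset="utf-8"\n\n'
    '<a href="https://tracking.example.com/status">Track your parcel</a>\n'
    '<a href="http://q7x2k9b4zt1m.example.net/inv">https://example.com/inv</a>\n'
)
if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

The second sample link displays a text that matches the sender's domain while pointing somewhere else, which is the mismatch hovering is meant to expose.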
Unsure if your backups are correctly functioning? Don’t wait for a disaster like CryptoLocker to strike before putting a data security plan in place. Sign up for a free technology and security assessment from CMIT Solutions and we’ll show you how to protect your business’s most valuable asset — its data.