By: Michelle P. Baca, PhD, Professional Services Manager
The Dreaded Red Alert
We promise our clients first call resolution and good customer service, so when someone calls in they’re getting an agent who will greet them warmly while springing into action to get the problem solved. If you want to see our agents move extra fast, though, hit them with one of our most dreaded red alerts: “CryptoLocker Detected.” Few things are more motivating than seeing an alert for this particularly insidious brand of malware. A bad CryptoLocker infection can cause days of lost productivity. Once it is detected, our team moves to find it and stop it, assess the damage, and then restore your data so you can get back to business.
What is CryptoLocker?
This type of attack has been around for a few years now, so you’ve probably heard about it. Simply put, CryptoLocker is a ransomware virus that holds your data captive until you pay the ransom. Even when you pay, there is no guarantee that you’ll get your data back, or that you won’t be targeted again.
Once you are infected with CryptoLocker, it works quickly to encrypt the data on your machine and then moves on to encrypt anything else your machine is connected to, such as mapped network drives. Put another way, all of the Word, Excel, or PDF documents on your computer and shared drives are replaced by a single message: “here is how to pay the hackers.” Meanwhile, all of your files have been hidden and locked away from you. When you click to open that message from the hackers, it often rescans to make sure that it got all of your files. If someone who shares a drive with you opens one of those files, it then scans all of their mapped drives, furthering the reach of the malware.
One of the first steps we take in a CryptoLocker infection? Disconnect your machine from the network. This simple physical act can prevent the virus from spreading and doing more damage.
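The spread described above leaves a recognizable trail in file-server audit logs. As an added illustration (not code from CIO Solutions or from the post), here is a small detector that flags the pattern: a burst of documents renamed or overwritten on a share within seconds, plus a ransom note dropped beside them. The event format, user names, paths and thresholds are assumptions built for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit-log sample (timestamp, user, path, action); not real data.
# "jdoe" shows the CryptoLocker pattern the post describes: a burst of office
# documents on a mapped share replaced within seconds, then a ransom note.
SAMPLE_EVENTS = [
    ("2016-03-01T09:00:01", "asmith", "S:\\HR\\handbook.docx", "modify"),
    ("2016-03-01T09:30:00", "asmith", "S:\\HR\\policy.pdf", "modify"),
    ("2016-03-01T10:15:00", "jdoe", "S:\\Finance\\q1.xlsx", "rename"),
    ("2016-03-01T10:15:02", "jdoe", "S:\\Finance\\q2.xlsx", "rename"),
    ("2016-03-01T10:15:03", "jdoe", "S:\\Finance\\budget.docx", "rename"),
    ("2016-03-01T10:15:05", "jdoe", "S:\\Finance\\forecast.pdf", "rename"),
    ("2016-03-01T10:15:06", "jdoe", "S:\\Finance\\invoices.pdf", "rename"),
    ("2016-03-01T10:15:08", "jdoe", "S:\\Finance\\HOW_TO_DECRYPT.txt", "create"),
]

DOC_EXTENSIONS = (".doc", ".docx", ".xls", ".xlsx", ".pdf")
NOTE_HINTS = ("decrypt", "recover", "ransom")   # assumed ransom-note filename hints

def is_ransom_note(path):
    """True if the file name looks like a dropped ransom note (heuristic)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name.endswith(".txt") and any(h in name for h in NOTE_HINTS)

def find_suspects(events, window_seconds=30, threshold=5):
    """Return {user: {"files": n, "note": bool}} for users who touched at
    least `threshold` distinct documents within any `window_seconds` span.
    A ransom-note file from the same user is a second, independent signal."""
    per_user = defaultdict(list)
    for ts, user, path, action in events:
        per_user[user].append((datetime.fromisoformat(ts), path, action))
    suspects = {}
    for user, evs in per_user.items():
        evs.sort()
        docs = [(t, p) for t, p, a in evs
                if a in ("modify", "rename") and p.lower().endswith(DOC_EXTENSIONS)]
        note = any(is_ransom_note(p) for _, p, _ in evs)
        best = 0          # most distinct documents seen in one sliding window
        start = 0
        for end in range(len(docs)):
            while docs[end][0] - docs[start][0] > timedelta(seconds=window_seconds):
                start += 1
            best = max(best, len({p for _, p in docs[start:end + 1]}))
        if best >= threshold or note:
            suspects[user] = {"files": best, "note": note}
    return suspects
```

A hit on a user is the cue for the first step above: pull that machine off the network, then check which shares it had mapped.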
How do you get it?
The attacks vary from malicious scripts that target vulnerabilities in your system to opening a bad attachment. One recent attack that we saw involved the thieves running a script to brute force its way into our client’s data. The script runs automatically and pokes around for vulnerabilities until it finds an opening. Usually, though, someone receives an email from someone they trust such as a boss or friend. The email contains an attachment or link and seems to be urgent: “Why haven’t you paid this invoice yet? Get on it!” Once opened, it begins to work its way through your computer and network.
Virus scans and antivirus software can catch CryptoLocker, but, like most things, the best defense is a good offense. The scripts and methods of attack are constantly shifting; the strength of the attack lies in its ability to look new every time, so signature-based tools are always catching up. Companies that recover fastest let our team know quickly and already have a solid backup solution in place for events like this.
Your best bet to stay safe is to make sure that your system is robust, resilient, and recoverable. We are constantly monitoring our clients and we provide a solid antivirus system. We set up your users to minimize damage and limit access. Above all, we prioritize backups. Good, secure backups are your key to getting back to business after a CryptoLocker attack. Solid backups mean that these criminals cannot hold your data for ransom, because we are keeping a safe copy for you.
The Very Best Defense Against CryptoLocker?
Put it in the Cloud. A Cloud Solution like the one we offer at CIO Solutions is the best way to keep your data safe and recoverable. While a bad infection can cause days of downtime and recovery for on-premises users, an infection for a Cloud user is generally resolved in MINUTES. At CIO Solutions we follow industry best practices to make sure that your data is safe and secure.
Here are some things you can do to stay safe:
- Only open attachments from people you know and who usually send you attachments.
- Read emails carefully, and look for signs that they may be spoofed. Is the email written the way the sender typically writes? Are there any weird typos?
- Talk to your IT provider about your backup system. Educate yourself about what is in place and where it’s being kept.
- Does everyone in your organization have admin rights to everything? Have your IT company make recommendations on limiting who has access to what folders.
- If you’ve been infected with CryptoLocker immediately disconnect your machine from the network, and contact your IT provider.
- Make sure your IT provider is keeping all of your software up to date, and that they are aware of the latest security patches.
- Call your IT provider and ask what they are doing to keep your business robust, resilient, and recoverable.
- Contact CIO Solutions for questions about how we can make your business data safer and more efficient.
Interested in the technical details of how CryptoLocker leverages encryption to steal your data? Check out this blog post from our partner ESET Antivirus: