"Complete IT solutions, Unquestionable Trust"

Blog

Don't Become Victim to CryptoLocker

January 9th, 2014

In early September 2013 a nasty piece of ransomware was discovered.  Since then CryptoLocker has gone on to become one of the most lucrative pieces of malware, earning an estimated 30 million dollars so far.

When infected, CryptoLocker will encrypt all of your documents, rendering them useless. When the damage is done, CryptoLocker presents a pop up window featuring a countdown clock, asserting that you have 72 hours to pay a ransom (approx. US$300 during the 72 hours and $3000 after) to have your files decrypted.

Currently, any file the infected computer has direct access to will be encrypted.  This includes any external hard-drives and mapped network drives.  At present, UNC network shares (\\server\sharename) are safe from this attack. However, this doesn't mean that the bad guys are not working to encrypt these as well.  For more detailed information on CryptoLocker and methods to help protect against getting infected with the current variants of this ransomware, check out this useful article.

But how do you prevent CryptoLocker or other similar attacks from leaving your personal or company data completely inaccessible? Since you can’t be 100% sure that something like this will never make its way into your network, your only true protection from having your business held at ransom is to have a true backup and disaster recovery plan.

A proper backup system includes far more than having your data backed up to an external drive (especially with ransomware like CryptoLocker now in the wild). First, your local backup should be on some sort of network device (SAN, NAS or FTP server) that is not directly used by any users and does not have a single drive mapped to it. Second, save older backups. Always have a retention policy that meets your business needs. This usually includes daily, weekly and monthly backups.  Having a good retention policy not only protects you from losing information due to a corrupt backup, but also gives opportunity to recover data to a previous version.

One of the most vital, yet most negligent parts of a DR plan, is the "off-site" copy.  Not only does the off-site copy keep your company’s data safe from total extortion by ransomware like CryptoLocker, it also protects from total loss when dealing with a physical disaster.

Checkout this video from Sophos Labs to see CryptoLocker in action.

So what has CryptoLocker taught us?

Prevention and protection are key. 

Prevent malware from infecting your computer in the first place.  Incorporate safe browsing habits and be cautious about what files you open in email. Always have an up to date anti-virus solution and be behind a firewall.

Protect your data in the event of an infection, corruption, accidental deletion, drive failure or total loss by theft or natural disaster. Backup solutions vary depending on the size of data, price and convenience, but get one!

Leave a comment:

"After you guys set up our server and workstations everything just works. We hardly ever get to see you guys"

Tyler Wilson - Performance Compression and Sealing

"All of you have done a TOP NOTCH job for us. We love seeing Max on the rare times that he needs to come in."

Tina Best - The Alberta Library