There are many security risks to worry about when managing or using a business network. However, one of the biggest threats to a business's network is CryptoLocker.

What Is Ransomware?
In order to discuss CryptoLocker, first we must have a handle on ransomware. Ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems. Ransomware variants, such as CryptoLocker, extort money from victims by displaying an on-screen alert stating that the user’s systems have been locked or files have been encrypted. Unless a ransom is paid, access will not be restored.

What Is CryptoLocker?
CryptoLocker is one of the most common strains of ransomware attacking companies around the world every single day. In a recent global survey of over 1,000 IT service providers, 95% reported recent encounters with CryptoLocker infecting small business clients. CryptoLocker renders its victim's files unreadable using encryption, then demands payment to decrypt them. This variant is considered one of the top cybersecurity threats to businesses today.

Typically, CryptoLocker ransom demands are not particularly high—usually in the range of $200 to $500. However, the cost of downtime associated with ransomware can add up quickly, especially if the malware spreads beyond a single computer and onto your company’s network. Recent statistics report that 63% of small-to-midsized businesses have suffered business-threatening downtime as a result of a successful ransomware attack.

How Does CryptoLocker Spread?
CryptoLocker has been shown to spread in 4 different ways:

1.) As an email sent to company addresses pretending to be from customer support at FedEx, UPS, etc. The Trojan is attached to the email, usually labeled as a tracking number.

2.) In PDF documents that are attached to emails, often labeled “My Resume” or “Resume”.

3.) Through hacked websites that can exploit computer vulnerabilities to install the malware.

4.) Through Trojans that pretend to be applications you need to download in order to watch videos online.

CryptoLocker installs itself to the Documents and Settings folder on your computer and then proceeds to search for specific types of files that often store information that is important to a user, such as Microsoft Word documents or Adobe PDFs.

CryptoLocker uses asymmetric encryption, which involves a public and a private key. The public key is stored in the malware itself and is used to encrypt the files. The private key, the key the hacker sells to victims and the only one that can decrypt the files, is hosted on the hacker's own server.

How Can I Recover My Data Without Paying The Ransom?
If you or your IT professional have made a backup of your system prior to the infection, it is possible to do a full reinstall of Windows and restore your files from the backup. However, if the backup was made after CryptoLocker had already found its way into your filesystem, it is much less likely that your files can be recovered without paying the hackers.

How Can I Prevent and Respond To CryptoLocker?
The best way to fully bounce back from a ransomware attack is to never become a victim. This is a serious piece of malware that should not be taken lightly. If you are worried about your network’s computers becoming infected, here are 5 steps you can take to prevent infection from occurring:

1.) Be Proactive – It is a good idea to educate yourself and your staff about ransomware, specifically CryptoLocker, and even implement and reinforce a “no installing programs without administrator approval” rule. Also, having a functional and redundant backup plan in place will go a long way in limiting the damage CryptoLocker can do.

2.) Check Your Emails Carefully – Closely look at every email that comes into your inbox. Pay close attention to who sent it, the body text and even the subject line. If you see a slight spelling error in the name or even in the address (e.g., customersupport@upss.com), you should immediately delete the email.
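The lookalike-address check above can be automated on the mail gateway or in a mailbox rule. The following is an added example, not code from the original post: it extracts the sender domain from a From: header and flags it when it is one or two edits away from a domain on a constructed trusted list (so upss.com is caught against ups.com), or when a trusted domain is merely a prefix of a longer, unrelated domain.

```python
"""Flag sender domains that are near misses of trusted domains.

Added example; TRUSTED_DOMAINS and the sample headers are constructed.
"""
import re

# Constructed allow-list: domains the business legitimately receives mail from.
TRUSTED_DOMAINS = {"ups.com", "fedex.com", "example-corp.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insertions, deletions, substitutions) between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain part of a From: header, '' if none."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return m.group(1).lower() if m else ""


def classify_sender(from_header: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the sender domain.

    max_distance=2 suits domains of this length; very short legitimate
    domains would need a smaller threshold to avoid false positives.
    """
    domain = sender_domain(from_header)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        # Trusted name used as a leading label of an unrelated domain,
        # e.g. fedex.com.delivery-status.example
        if domain.startswith(trusted + "."):
            return "lookalike"
        # Typo-squat such as upss.com or ups.co
        if 0 < levenshtein(domain, trusted) <= max_distance:
            return "lookalike"
    return "unknown"
```

Addresses classified as "lookalike" are the ones the post says to delete; "unknown" senders still warrant the attachment checks in the next step.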

3.) Beware Of Attachments – Always look carefully at attachments you receive, even if they appear trustworthy. If you get an email with an attachment from any sender you don’t personally know, don’t open it. If you get an attachment from people you do know, but it isn’t something they would normally send, don’t open it. For all other attachments, try confirming that the file attached is in fact legitimate by asking the sender.

4.) Back Up Your Data – Be sure to always back up your data on a regular basis. If you back up files on a daily or even weekly basis and are infected, you can easily wipe your hard drive and start again without losing much in the way of data.

5.) Know What To Do If Infected – If you are infected the first thing you should do is disconnect from the network to limit the chance of the virus spreading to other systems. If you have backed up your system and data, you can probably revert your system. If not, your best plan of attack would be to contact us to see if we can help, as we may be able to get around the encryption or even delete it.

There is no question that CryptoLocker and other forms of ransomware are a major threat to all businesses today. However, you can mitigate the impact by putting the right technologies and strategies in place. As there is no single solution that answers the ransomware problem, a layered approach is best. Security and backup are both important in protecting your business from data loss whether it be from ransomware or something else. It is also important to observe cybersecurity best practices by educating all employees on how to recognize suspicious emails, ads and websites.

Feel free to Contact Us for more information.