There is a new and extremely destructive form of malicious software being spread called “CryptoLocker”. Unfortunately, due to its huge success, there is sure to be a slew of variants to follow. CryptoLocker is a type of malicious software called “ransomware”. Typically, ransomware takes over your computer and holds it hostage, only releasing it after a ransom is paid. You may have seen or heard of the “fake antivirus” ransomware that was prevalent last year: it would claim your system was infected, then prevent any file from being opened or run unless you paid for the “cleaning”. CryptoLocker works on a similar idea, except it is much more dangerous.
CryptoLocker actually encrypts your files. Once encrypted, there is no getting them decrypted without the private key. Let me repeat that: once this nasty piece of software has done its deed, there is no fix; your files are gone. The only way to resolve this is to restore your files from backup, or pay the ransom and hope they actually decrypt them for you. (You are backing up, aren’t you!?) Once the ransom is paid via anonymous payment methods, the key is provided and your files are decrypted, or at least they are supposed to be. There have been reports that files are actually decrypted upon payment, as well as reports that payment did nothing. Note: if you do pay the ransom, back your files up, reformat your PC and reload the OS from scratch. If you do not do this, don’t be surprised when your files get hit with this virus again in a month.
Worse yet, this malware will search your computer for any mapped drives and encrypt them too! Yeah, those mapped drives you have to the server are potential targets and will be encrypted, as will any plugged-in USB drives. So not only would you lose all your local files, but all the server files as well. Are you backing up to a USB drive? Well, if so, your backups will be encrypted too! Even with a good set of backups in place (that didn’t get encrypted), you are still completely down for hours or days while your PC and server are being restored from backups!
So we understand how devastating this virus is, and we know that after being hit with it, we can’t recover. So what can we do to prevent it in the first place? The biggest risk to businesses is the users. Education is key. This virus is spread heavily through email, many times disguised as a zipped PDF file with some claim that can look very real. Often a random email shows up claiming to be from FedEx with a message about “Your package has arrived” and an attachment with the details. Ensure your users know to never open an attachment from an unknown source, and to be extra vigilant even with attachments from known sources. When in doubt, err on the side of caution and have the mail analyzed by an IT professional first.
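As an added example (not part of the original post), here is a small defender-side check in the spirit of “have the mail analyzed first”: it opens a zipped attachment and flags members that pose as PDFs, such as a `.pdf.exe` double extension or a file named `.pdf` whose bytes are actually a Windows executable. The sample archive is constructed inline; the file names in it are made up for illustration.

```python
import io
import zipfile

# Extensions that Windows will run on a double-click (common lure payloads).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def suspicious_reasons(name, head):
    """Return reasons a zip member looks like a disguised executable.

    name: member file name inside the archive
    head: first few bytes of the member's content (magic-number check)
    """
    reasons = []
    base = name.rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    exts = ["." + p for p in parts[1:]] if len(parts) > 1 else []
    last = exts[-1] if exts else ""
    if last in EXECUTABLE_EXTS:
        reasons.append("executable extension " + last)
    if len(exts) >= 2 and last in EXECUTABLE_EXTS and exts[-2] == ".pdf":
        reasons.append("double extension posing as a PDF")
    # PE images start with "MZ"; a .pdf (or no extension) carrying one is a disguise.
    if head.startswith(b"MZ") and last not in EXECUTABLE_EXTS:
        reasons.append("PE header but non-executable extension " + (last or "(none)"))
    # Real PDFs start with "%PDF".
    if last == ".pdf" and not head.startswith(b"%PDF"):
        reasons.append("claims .pdf but content is not a PDF")
    return reasons


def scan_zip_attachment(data):
    """Map each suspicious member name in a zip attachment to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)
            reasons = suspicious_reasons(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_attachment():
    """Constructed test archive: one real PDF, two disguised executables."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Tracking details.pdf", b"%PDF-1.4\n% constructed sample")
        zf.writestr("FedEx_Package.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("invoice.pdf", b"MZ\x90\x00constructed")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_zip_attachment(build_sample_attachment()).items():
        print(member, "->", "; ".join(reasons))
```

A mail gateway would quarantine the message when `scan_zip_attachment` returns anything; the genuine PDF member produces no findings.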
It’s always best to have an up-to-date antivirus application installed, and a good firewall. Keep in mind, this does not mean a free antivirus program and a $30 router that has a built-in “firewall”. Pay the money for good business-class antivirus software, and pay the money for a business / enterprise-grade firewall with deep packet inspection and ideally gateway antivirus capabilities. If you need a recommendation for a good antivirus or firewall appliance, give us a call. There is no magic bullet for preventing these infections, but a solid layered security approach can minimize the opportunities for this business-crippling virus to get in.