In September, a new ransomware came on the scene and it’s been wreaking havoc on computers the world over ever since. Given the name CryptoLocker, it’s capable of taking over your system, encrypting your files, and literally holding your data ransom in order to extort money from you. If you don’t pay, then your files are deleted. What’s an honest business to do against such a threat?
How CryptoLocker Works
One thing that you don’t want to do is pay the ransom, which is a whopping $300. How do these hackers have the nerve to ask for so much money? It’s because they understand the value of data. A business, and even a casual PC user, has a lot invested into their data. Most organizations will even identify their data as their most valuable asset because it’s virtually impossible to do business without it.
It’s the hacker’s expectation that a company infected with CryptoLocker will see the threatening red graphic take over their computer screen, panic, and then pay up. It’s obvious that CryptoLocker is attempting to use fear as a weapon because a clock counting down from 100 hours is included with the notification that your computer has been taken over. If the clock strikes 0:00, and you’ve not paid up, then your data will be wiped. If your business isn’t prepared for ransomware attacks like CryptoLocker, then you will be looking at a stressful 100 hours to come up with a solution.
What can You do to Stop CryptoLocker?
You may be thinking that if you get infected you can just turn your PC on and off again or tinker around in the back end. Not so fast. CryptoLocker is designed to block common troubleshooting procedures. In fact, with every computer restart CryptoLocker will make changes to your registry, and don’t even think about accessing your drive remotely, because upon infection, one of the first actions taken by the virus is to encrypt the files on both your fixed and remote drivers.
Without a data recovery solution in place, the only option you have that will recover your files is to follow the hacker’s instructions and add money to their untraceable account. However, don’t think for a minute that because you paid the fee you will be in the clear. Paying the ransom will only give you access to your PC, and there are several reports of users that have paid but they were still not granted access to their data. Meanwhile, the virus will still be infecting your system, waiting to strike again and putting other computers on your network at serious risk.
CryptoLocker is Spreading
Despite every major technology company sounding the alarm about CryptoLocker (PACE Technical Services informed our clients on our blog about it last September), the virus continues to gain momentum and catches users and organizations worldwide in its trap. There was even a case reported in November where a police department in Massachusetts paid the hackers $750 worth of Bitcoins to get the private encryption key that would let them access their files.
To help give you perspective on how fast CryptoLocker is spreading, spam filter AppRiver quarantined 56.6 million emails in October that contained a virus in the attachment, and they reported that CryptoLocker was the most trapped malware. Other antivirus and anti-malware companies are also reporting that they’re seeing thousands of new CryptoLocker infections every day.
There are actually a variety of ways that the CryptoLocker virus spreads, but the most common way is through email. Using a hacking strategy called social engineering, the hacker sends an email to your inbox that will look like a credible message from a trusted source. A fake message about an expected delivery from a parcel service is a common example. An email like this will ask you to download the infected attachment by claiming that it contains important information about your order.
In most cases, the CryptoLocker attachment is a .ZIP file, which means that it gets through standard filtering. A user may look at the attachment and think that it looks safe to download because it looks like a trusted .PDF or .DOC file, but it’s really a double extension that hides the true .EXE. As soon as you click the attachment, the virus is executed and encryption of your data begins. Other ways that CryptoLocker spreads includes online social media games and clicking on pop-up advertisements on websites.
3 Actions You Can Take to Protect Your PC from CryptoLocker
- Smart Web Browsing Practices: Don’t open suspicious emails or visit shady websites, and never download a file unless you’ve scanned it and you’re absolutely certain of what it is. Also, do not respond to unsolicited emails or download unreviewed social media games, and don’t disable your antivirus software for any reason.
- Have a Reliable Security Solution: You will want to make sure that you’re running updated antivirus software and that you have a strong firewall in place. A Unified Threat Management tool from PACE Technical Services is the strongest network security solution we offer, and it includes content filtering to block employees from visiting malicious websites.
- Use a Backup and Recovery Tool: One of the best things you can do to protect your data from CryptoLocker is to back it up and have a way to recover it. A Backup and Disaster Recovery (BDR) tool from PACE Technical Services is great for this because it takes several snapshots of your data throughout the day and then backs everything up to the cloud. This means, if you get hit with CryptoLocker, then BDR will restore the version of your data that doesn’t contain the ransomware.
CryptoLocker is a bad virus that plays on people’s fears, but with PACE Technical Services watching over your network with our managed IT services, you don’t have to be fearful of even the worst viruses on the Internet. To learn more about CryptoLocker, or to receive a free network audit where we scan your system to discover if malware like CryptoLocker is lying dormant in your system, give us a call at 905.763.7896.