Cryptolocker – An Eye-opener

CryptoLocker is extremely dangerous malware, commonly called ransomware. It has already infected more than a quarter of a million computers.

CryptoLocker first appeared in the wild in October/November 2013. In 2014, new variants of CryptoLocker emerged, adding more powerful attack vectors and additional ways of spreading the infection.

Why is CryptoLocker so dangerous?

Ransomware has existed since at least the 1990s, but this latest example is particularly problematic because of the way it makes your files inaccessible. CryptoLocker uses strong, industry-standard encryption to block access to ALL of your data. There is no way anyone can decrypt the files for you unless you pay the attackers the ransom they demand. Even the Massachusetts police paid the ransom of two Bitcoins (about NZD $2,200 by today’s exchange rate) after being infected by CryptoLocker.

The Knockout Punch

CryptoLocker also encrypts the data stored on any mapped network drives. In other words, if a single machine on the network is infected, it will encrypt all shared data across the network, including, critically, the data on servers. CryptoLocker attacks are nothing short of catastrophic.

How Does It Spread?

The original version of CryptoLocker was delivered via email attachments, cleverly masquerading as a payment or delivery notification. However, there are now new variants of CryptoLocker, reported to be spreading via USB drives and even through malicious or compromised websites.

Unrelated to CryptoLocker but equally worrisome, malware served via Yahoo affected millions: as many as 2.5 million Yahoo users were infected with malware from virus-laden ads served by Yahoo’s homepage. Some of the malware turned PCs into Bitcoin miners, a huge drain on computing resources, without the user’s knowledge.

How To Mitigate The Impact

Short-term Action Plan

There are a few modifications that can be made to your computers/network which will prevent a CryptoLocker infection and/or mitigate the damage it can cause:

  • Locking down the OS registry
  • Changing DNS servers
  • Deploying software monitoring tools
  1. Your top-priority should be to verify that your backups are good. One of the ways to do this is to restore some data from your backup, and receive confirmation either by a status notification or by email. While it’s good to receive backup-restore confirmation, testing the data restore quarterly or half-yearly is the ultimate confirmation.
  2. Disconnect the backup disk soon after backup is complete, because CryptoLocker can even encrypt the backup disk.
  3. Maintain a regular off-site backup.
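Steps 1 and 2 above can be made mechanical. The following is an added example, not code from the original post: a manifest of SHA-256 hashes is taken at backup time (and kept where the backup disk cannot be reached), and a later restore is checked against it; any altered file whose bytes look random is flagged, because that is what a backup disk touched by CryptoLocker looks like. The share layout and file names are constructed for the demo.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

def build_manifest(root):
    """SHA-256 of every file under root, keyed by POSIX-style relative path (taken at backup time)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def shannon_entropy(data):
    """Bits per byte: ciphertext sits near 8.0, documents and text well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def verify_restore(manifest, restored_root):
    """Compare a restored tree with the manifest taken at backup time."""
    restored_root = Path(restored_root)
    restored = build_manifest(restored_root)
    report = {
        "missing": sorted(p for p in manifest if p not in restored),
        "altered": sorted(p for p in manifest if p in restored and restored[p] != manifest[p]),
        "unexpected": sorted(p for p in restored if p not in manifest),
    }
    # An altered file whose bytes look random is what an encrypted backup looks like.
    report["likely_encrypted"] = [p for p in report["altered"]
                                  if shannon_entropy((restored_root / p).read_bytes()) > 7.0]
    report["ok"] = not (report["missing"] or report["altered"] or report["unexpected"])
    return report

def demo():
    """Constructed scenario: a two-file share is backed up; the restore has one file replaced by random-looking bytes and one file missing."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "share")
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "q1.xlsx").write_bytes(b"quarterly figures " * 50)
        (src / "notes.txt").write_bytes(b"meeting notes\n" * 20)
        manifest = build_manifest(src)
        restored = Path(tmp, "restored")
        (restored / "finance").mkdir(parents=True)
        # 1024 bytes cycling through all 256 values: entropy exactly 8.0, like ciphertext (constructed)
        garbage = bytes((i * 97 + 13) % 256 for i in range(1024))
        (restored / "finance" / "q1.xlsx").write_bytes(garbage)
        return verify_restore(manifest, restored)

if __name__ == "__main__":
    print(demo())
```

The report shows notes.txt missing and finance/q1.xlsx altered and likely encrypted, so a quarterly restore test that runs this check catches a silently encrypted backup disk rather than a status e-mail that merely says the job finished.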

Long-term Action Plan

The above action plan is only the bare minimum; unfortunately, it is still a “fire fighting” measure and will only mitigate one of the many serious malware threats of today and unknown threats of tomorrow. Security as a managed service offers superior solutions that eliminate malware infections by up to 80% and even take the sting out of the remaining 20%.

Perhaps the moment has finally arrived for every business owner to think of IT security as something more than just anti-virus, and to realise that a proactive approach to security management is the only real option.

I have up-to-date antivirus, am I not safe?

By now, we all probably know that antivirus software is rarely effective in fighting malware infections. To protect you, antivirus software depends on the latest virus definitions and the file signatures of malicious programs, and these are released only after an outbreak is reported. This inherent flaw in the design logic always leaves antivirus software one step behind.

How is a proactive security solution more efficient?

Red flag: A proactive security solution makes decisions based on not only database updates but also on the expected behaviour patterns of new programs or processes. If a program is doing something other than expected, it raises a red flag.
Cut off malware and botnets: Proactive security solutions are also able to cut off malware and botnets from contacting their command-and-control (CnC) servers. Once the link is broken, the malware is essentially reduced to a dormant threat.
Alert your IT support team: Properly implemented, managed security solutions immediately alert your IT support team about the infection and even pin-point which machine on the network is infected.

What is Bitcoin?

Bitcoin is a peer-to-peer digital online currency introduced in 2009. It is a cryptocurrency, so-called because it uses cryptography to control the creation and transfer of money.
