CryptoLocker Ransomware: How to Defend your Company

Apr 1, 2014

What is CryptoLocker?

CryptoLocker is ransomware that was first identified in July 2013, with variants and clones discovered in September and December 2013 and February 2014. It encrypts the contents of your computer and holds them ransom for 72 hours. This encryption makes it next to impossible to get your files back without paying for the decryption key for every computer and server you own.

If you don’t cough up the cash, it deletes ALL of your files. Everything. How much? It started out low (we saw $300) and has gradually increased; these days you can expect to pay between $1000-$2000 per computer or server. Good morning, you’ve been virtually mugged!


How does CryptoLocker work?

Victims have reported that it usually starts with an official-looking email from UPS or FedEx, made to sound like it relates to tracking a package you’re sending or receiving. Usually the email has a .zip archive attached that, when unzipped, reveals a double-extension file, i.e., something ending in pdf.exe. The file opens in Adobe Reader, but at the same time a Windows executable launches on the user’s machine; that executable is the CryptoLocker malware, and it encrypts your files. The only way the attackers offer to decrypt your files is to pay the makers of the program for the key, either through a wire transaction or, with the latest variant, through a Bitcoin payment; both options are very costly and not recommended.


Why should you care?

Downtime has a direct effect on the bottom line for any business that relies on its network to make money, whether directly or indirectly. For example, a day or two of downtime for a manufacturer could cost anywhere from a few thousand to millions of dollars. You should think about questions like:

  • How much time can you afford to be without those files?
  • What does it cost in lost productivity when an outbreak happens?
  • Can downtime cause you to lose customers or sales?
  • Will customers, partners, or employees lose confidence in your company?

Every employee should safeguard critical company data and take measures to eliminate malware outbreaks.


What can you do to protect yourself from Cryptolocker?

Don’t open email attachments you don’t trust 100%, and don’t open double-extension files such as pdf.exe. This is where CryptoLocker likes to hide. Make sure you have regular system backups for both files and operating systems (entire disk partitions, or cloud copies in addition to local disks) that are tested and working properly. Notify your IT support provider first if you suspect something is not right. Make sure you have an industrial-grade antivirus/anti-malware program installed and updated weekly; the bad guys move quickly, so should your antivirus/anti-malware. And lastly, make sure you have a trusted partner for IT support that doesn’t profit from an outbreak.
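The double-extension lure described in the two sections above (a .zip attachment containing a file like tracking.pdf.exe) works because Windows hides known extensions by default, so the file is displayed as "tracking.pdf". Below is an added Python example, not code from the original post, that inspects a zip attachment and flags member names whose last extension is executable and whose preceding extension looks like a document. The lists of executable and decoy extensions are my own choices, and the sample zip is constructed in memory so the script runs offline.

```python
import io
import zipfile

# Assumption: extensions that Windows will run as a program. The page's own
# example is the ".exe" case (pdf.exe); the others are common screensaver,
# shortcut and script types that behave the same way.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

# Assumption: document-style extensions used as the decoy first extension.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def is_double_extension(name: str) -> bool:
    """True for names like 'tracking.pdf.exe': a decoy document extension
    immediately followed by an executable extension."""
    base = name.rsplit("/", 1)[-1]          # zip member paths use '/'
    parts = base.lower().split(".")
    if len(parts) < 3:                      # need at least name.decoy.exe
        return False
    final = "." + parts[-1]
    penultimate = "." + parts[-2]
    return final in EXECUTABLE_EXTS and penultimate in DECOY_EXTS


def suspicious_members(zip_bytes: bytes) -> list[str]:
    """Return the names inside a zip attachment that use a decoy
    double extension; an empty list means nothing was flagged."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if is_double_extension(info.filename):
                flagged.append(info.filename)
    return flagged


def build_sample_attachment() -> bytes:
    """Constructed sample shaped like the lure: one double-extension
    member next to two harmless-looking ones. The payload bytes are
    placeholders, not a real program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("UPS_tracking_notice.pdf.exe", b"placeholder bytes")
        zf.writestr("invoice.pdf", b"%PDF-1.4 placeholder")
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_attachment()
    print("Flagged members:", suspicious_members(sample))
```

The check runs on the archive listing alone, without extracting anything, which is the point: a mail gateway or a help-desk triage script can quarantine the attachment before any user double-clicks it. It is a name-based heuristic, so treat a hit as a reason to block and escalate, not as proof of infection, and keep antivirus and backups in place for the cases a filename check cannot catch.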

