The newest threat to your business: Ransomware (Cryptolocker)

For years, there have been multiple threats to your business, whether competitors in the past or malicious software in the IT age.  Until now, you’ve had to protect the business from viruses, spyware, malware, and phishing scams.  These are designed to slow productivity and steal or destroy valuable information.  You’ve been pretty competent at defending yourselves from them, and these threats have been pretty well contained and dealt with by many of the traditional types of software and hardware protection available.  The evolution continues into the next realm.  A new threat has come out of the woodwork in the form of Ransomware.

[Image: Cryptolocker. Image Source: http://cdn.blog.malwarebytes.org/wp-content/uploads/2013/10/cryptolocker.png]

Ransomware heralds the ability for widespread extortion attacks against your business.  The most potent of these new threats has been Cryptolocker.  Cryptolocker has the ability to encrypt not only files located on the infected computer but also files on network drives connected to the infected machine!  Once the files are encrypted, it asks for payment in an anonymous form of currency called BitCoin.  You have two chances to pay before losing access forever.  Once a machine is infected, traditional forms of hardware and software based protection haven’t been able to mitigate the risk, as you can see from the graphic below:

[Graphic: Cryptolocker infections. Source: Bitdefender [1]]

CryptoLocker has been infecting 12000 computers per week! [1]  According to security experts on Cisco’s TRAC team, “You would need a nation-state to sponsor you with their supercomputers to decrypt your files.” [3]  It’s been successful against US law enforcement as well:

US police department pays $750 CryptoLocker Trojan ransom demand

The US-CERT (Computer Emergency Readiness Team) prescribes more of the usual as risk mitigation and prevention strategies, reproduced below:

Prevention

US-CERT recommends users and administrators take the following preventative measures to protect their computer networks from a CryptoLocker infection:

Mitigation

US-CERT suggests the following possible mitigation steps that users and administrators can implement, if you believe your computer has been infected with CryptoLocker malware:

  • Immediately disconnect the infected system from wireless or wired networks. This may prevent the malware from further encrypting any more files on the network.
  • Users who are infected with the malware should consult with a reputable security expert to assist in removing the malware.
  • If possible, change all online account passwords and network passwords after removing the system from the network. Change all system passwords once the malware is removed from the system.

Sources:

  1. http://www.ibtimes.com/cryptolocker-virus-infects-12000-computers-one-week-how-hackers-are-avoiding-detection-1473046
  2. http://www.crn.com/news/security/240164262/cryptolocker-attacks-ransomware-target-small-businesses-cisco.htm

CRYPTOLOCKER: A SOLUTION HAS EMERGED

As a premier Managed Services and IT support company within the Chicagoland area, Net Works Consulting Resources, Inc. has been hard at work to safeguard our clients.  We’ve built a partnership with a security software company and have successfully implemented a new service within our Jack framework (www.ineedjack.com) to detect and remove ransomware like Cryptolocker BEFORE it encrypts your files and does its damage.  To learn more about our revolutionary Jack service and how it can help you, please visit us at www.ineedjack.com or feel free to reach out via email to jack@networkscr.com.

