For years, there have been multiple threats to your business, whether it be competitors in the past or malicious software in the IT age. Until now, you’ve had to protect the business from viruses, spyware, malware, and phishing scams. These are designed to slow productivity and steal or destroy valuable information. You’ve been pretty competent at defending yourselves from them, and these threats have been pretty well contained and dealt with by many of the traditional types of software and hardware protection available. The evolution continues into the next realm. A new threat has come out of the woodwork in the form of ransomware.
Image Source: http://cdn.blog.malwarebytes.org/wp-content/uploads/2013/10/cryptolocker.png
Ransomware heralds the ability for widespread extortion attacks against your business. The most potent of these new threats has been Cryptolocker. Cryptolocker has the ability to encrypt not only files located on the infected computer but also files on network drives connected to the infected machine! Once the files are encrypted, it asks for payment in an anonymous form of currency called Bitcoin. You have two chances to pay before losing access forever. Once a machine is infected, traditional forms of hardware- and software-based protection haven’t been able to mitigate the risk, as you can see from the graphic below:
Source: Bitdefender [1]

CryptoLocker has been infecting 12000 computers per week! [1] According to security experts on Cisco’s TRAC team, “You would need a nation-state to sponsor you with their supercomputers to decrypt your files.” [3] It’s been successful against US law enforcement as well:
The US-CERT (Computer Emergency Readiness Team) prescribes more of the usual risk mitigation and prevention strategies, reproduced below:
US-CERT recommends users and administrators take the following preventative measures to protect their computer networks from a CryptoLocker infection:
- Conduct routine backups of important files, keeping the backups stored offline.
- Maintain up-to-date anti-virus software.
- Keep your operating system and software up-to-date with the latest patches.
- Do not follow unsolicited web links in email. Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
- Use caution when opening email attachments. For more information on safely handling email attachments, read Recognizing and Avoiding Email Scams (pdf), and refer to the Security Tip Using Caution with Email Attachments.
- Follow safe practices when browsing the web. For further reading on Safe Browsing habits, see Good Security Habits and Safeguarding Your Data.
US-CERT suggests the following possible mitigation steps that users and administrators can implement, if you believe your computer has been infected with CryptoLocker malware:
- Immediately disconnect the infected system from wireless or wired networks. This may prevent the malware from further encrypting any more files on the network.
- Users who are infected with the malware should consult with a reputable security expert to assist in removing the malware.
- If possible, change all online account passwords and network passwords after removing the system from the network. Change all system passwords once the malware is removed from the system.
CRYPTOLOCKER: A SOLUTION HAS EMERGED
As a premier Managed Services and IT support company within the Chicagoland area, Net Works Consulting Resources, Inc. has been hard at work to safeguard our clients. We’ve built a partnership with a security software company and have successfully implemented a new service within our Jack framework (www.ineedjack.com) to detect and remove ransomware like Cryptolocker BEFORE it encrypts your files and does its damage. To learn more about our revolutionary Jack service and how it can help you, please visit us at www.ineedjack.com or feel free to reach out via email to firstname.lastname@example.org.