Last September, the Internet was introduced to CryptoLocker, a dangerous ransomware that has quickly spread and become one of the worst viruses we have seen. CryptoLocker will literally take your files hostage by encrypting them so it can force you to pay for the encryption key. A business hit with CryptoLocker will be locked out of their computers and unable to get work done.
But it Gets Worse
CryptoLocker is much more dangerous than your regular run-of-the-mill ransomware because it’s been designed with a few upgrades, like a clock counting down from 100 hours displayed on your locked-out screen. When the clock hits 0:00, all of your data is deleted. During this 100-hour period, you’re presented with instructions on how you can pay the hackers in such a way that the transaction cannot be traced.
The extortion fee will vary with each attack, but most CryptoLocker victims are reporting that the fee is $300. This is a hefty sum of money and it may even be more than what your PC is worth. Hackers know that users will pay the fee because of how valuable data is, especially for businesses. Think about it: if your company were suddenly locked out of its computers, would operations be able to continue? Hackers understand that data is the lifeblood of any organization, which is why they’re emboldened to ask for so much money. It’s in ugly hacking attacks like this that the value of data backup can be clearly seen.
So You’re Infected with CryptoLocker, Now What?
One of the biggest problems with CryptoLocker is that it can quickly infect your computer and lock you out before you have time to act. One of the ways it does this is by making changes to your PC’s registry upon restart. This means that turning your machine on and off again when things get buggy will only worsen the problem. CryptoLocker will also encrypt the files on both your fixed and remote drives, so you can forget about troubleshooting through the remote backdoor.
We hate to give hackers credit, but this malware accomplishes its goal extremely well, leaving the victim with a feeling of helplessness and fear so that they will give in to the hacker’s demands. Whatever you do, don’t pay these bums. You will only be funding future attacks. There are even reports of victims who paid the ransom and still had their data deleted. If your PC is infected with CryptoLocker, or you’re seeing signs that your PC may be infected, then the best course of action is to unplug your machine from the Internet, shut it down, and then have TMS’s technicians look at it. You will also want to act quickly before CryptoLocker spreads to other computers on your network.
CryptoLocker Attacks are on the Rise
The bleak reality of the situation is that CryptoLocker attacks are on the rise. The IT Service industry has been sounding the alarm about this since it was first discovered. You might even remember that TMS first alerted people about this virus in our blog last September. In fact, even government systems are not immune to CryptoLocker. An example of this happened last September with the computers belonging to a Massachusetts police department. Their system got infected with CryptoLocker and officers paid the ransom of $750 worth of Bitcoins.
It’s actually quite shocking how fast CryptoLocker attacks are spreading. A report released by spam filter AppRiver in October (two months after CryptoLocker was first discovered) stated that CryptoLocker was the most prevalent virus found in the 56.6 million infected emails blocked by their spam filter that month. Other antivirus and antimalware companies are also reporting that thousands of CryptoLocker infections are happening every day. Therefore, it’s a safe assumption that an email containing the CryptoLocker malware has already been sent to your inbox. Good thing it can only be activated if you download it.
How can You get Infected with CryptoLocker, and How can You Stop It?
The most common way that a computer gets infected with CryptoLocker is through email attachments. In many cases, these emails are able to bypass spam filters by packing the virus inside a .ZIP file attachment. Hackers will also use social engineering tactics to bait you into opening the email. For example, the most common scam involves disguising the infected email as a message from the postal service regarding a package. Hackers know that there’s a good chance you’re expecting an important parcel in the mail.
More trickery is involved when the attachment is disguised as a .PDF or .DOC file, with the true .EXE hidden behind a double extension. All you have to do is open the .EXE and CryptoLocker will immediately go to work encrypting all of your data. CryptoLocker can also hide itself in pop-up web advertisements and in social media games. In light of the seriousness of CryptoLocker, it’s best practice to not disable your firewall.
Here are three IT practices you can adopt in order to protect yourself from CryptoLocker.
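The .ZIP and double-extension tricks described above can be checked for mechanically before an attachment reaches a user. The following is an added example, not part of the original article: it lists the members of a .ZIP attachment (following nested archives) and flags names whose real, final extension is executable. The extension lists, limits and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Illustrative assumptions: types Windows runs directly, and decoy document types.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}
MAX_NESTED_BYTES = 10 * 1024 * 1024  # refuse to unpack huge inner archives
MAX_DEPTH = 2                        # how many nested .zip levels to follow


def classify_entry(name):
    """Return 'double-extension', 'executable' or None for one member name."""
    # Keep only the file name; Windows ignores trailing dots and spaces.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    parts = [p.strip() for p in base.split(".")]  # tolerate "doc   .scr" padding
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "double-extension"
    return "executable"


def scan_zip(data, depth=0):
    """List (member, verdict) for every suspicious entry in a .ZIP attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            verdict = classify_entry(info.filename)
            if verdict:
                findings.append((info.filename, verdict))
            elif info.filename.lower().endswith(".zip"):
                if depth >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES:
                    findings.append((info.filename, "nested-archive-not-scanned"))
                else:
                    findings.extend(scan_zip(archive.read(info), depth + 1))
    return findings


def build_sample():
    """Constructed sample attachment: harmless placeholder bytes only."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.doc      .scr", b"placeholder")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Tracking_Notice.pdf.exe", b"placeholder")
        z.writestr("label.pdf", b"placeholder")
        z.writestr("tools/setup.exe", b"placeholder")
        z.writestr("more.zip", inner.getvalue())
    return outer.getvalue()
```

Calling `scan_zip(build_sample())` returns the three flagged members of the constructed archive; a mail gateway or helpdesk script would pass the raw bytes of a received attachment instead.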
- Use Best Practices for Web Browsing: Stay clear of sketchy websites, do not open suspicious emails, and never download anything from an unsolicited email.
- Have a Strong Security Solution: A reliable network security solution is needed to protect your business from CryptoLocker. The strongest security solution TMS offers is our Unified Threat Management (UTM) tool. A UTM tool can provide your company with a strong firewall, content filtering to block malicious websites, and several other additional security features that will keep your data safe.
- Use a Data Backup and Recovery Tool: Making sure your data is backed up is the key to recovering from a CryptoLocker attack. A Backup and Disaster Recovery (BDR) tool is designed for attacks just like this because it takes several snapshots of your data throughout the day as part of the automatic backup process. If CryptoLocker happens to infect your system, then BDR can be used to restore a previous unaffected version so that your workday can continue.
The worst thing about CryptoLocker is that it uses fear as a weapon, but with TMS protecting your company’s network, you don’t have to fear CryptoLocker, or any other online threats! With our managed IT services, we’re able to remotely monitor and maintain your technology to block threats like CryptoLocker. If a virus happens to get past the firewall, then we can eliminate it before it becomes a problem, and we can have your backed up data available in the event that an infection does occur.