Towards the end of 2013 a new form of malware known as “ransomware”, called Cryptolocker, began hitting thousands of personal computers and business networks. A computer user opens what seems to be an innocuous email, typically one that looks like a tracking notice for a FedEx or UPS package, and before the user is aware of it, a ZIP file unloads a Trojan infection on their Windows-based PC. The Trojan then encrypts all of the user’s files, rendering them inaccessible and useless, so every Word or Excel file on the user’s hard drive is essentially locked up and held for ransom. The ransom amount is usually $300, which must be paid before a countdown clock runs out (typically 72 hours), or the drive will be wiped clean by the Trojan malware.
Scary, no doubt.
Some malware/virus protection programs will stop the Trojan attack before it can encrypt your data, but not all can, and once the files are encrypted, only the hacker’s “key” will unlock them. The advanced technology deployed by the hackers has not yet been defeated! The ransom is paid in Bitcoins, so the payments are untraceable.
It’s an incredibly efficient scam with the potential to make these hackers millionaires. Dell SecureWorks estimates that over 250,000 users were infected in the first 100 days of the attack, which seems to target small businesses and individual users, probably because they are the most vulnerable.
How do you mitigate this potential risk?
Education is probably the most effective way to prevent the infection from taking hold in the first place. Employees need to be genuinely suspicious of every email they get, even if it looks like it’s from a legit company. As mentioned, some of the attacks look like they originate from FedEx. If you hover over links and logos (without clicking them), your email client or browser will usually show where the link actually leads, and if it doesn’t point back to FedEx or another legit company you know it’s a scam. Educating employees to use extreme caution before clicking ANY link in an email, and reinforcing that regularly, will help prevent accidental downloads of viruses.
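As an added illustration (not part of the original post), the following Python performs the hover check described above mechanically: it compares where each link’s visible text or linked logo claims to go with where its href actually points. The brand-to-domain table, the helper names and the sample email are constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
BRAND_DOMAINS = {"fedex": "fedex.com", "ups": "ups.com"}  # hypothetical table (assumption); extend for your senders

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img" and self._href is not None and a.get("alt"):
            self._text.append(a["alt"])  # a linked logo's alt text is what the reader "sees"
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(" ".join(self._text).split())))
            self._href = None

def registrable_domain(url):
    host = (urlparse(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])  # simplification: co.uk-style suffixes are not handled

def claimed_domain(text):
    """Where the visible text says the link goes: a URL shown as text, or a brand name we know."""
    lowered = text.lower()
    if lowered.startswith(("http://", "https://")):
        return registrable_domain(lowered.split()[0])
    for brand, domain in BRAND_DOMAINS.items():
        if re.search(rf"\b{brand}\b", lowered):
            return domain
    return None

def suspicious_links(html):
    """Flag links whose real destination differs from what their text or logo claims (the hover check)."""
    parser = LinkCollector()
    parser.feed(html)
    pairs = [(t, h, claimed_domain(t), registrable_domain(h)) for h, t in parser.links]
    return [{"text": t, "href": h, "claimed": c, "actual": a} for t, h, c, a in pairs if c and c != a]

# Constructed sample: a delivery-notice lure whose logo and text say FedEx but whose link goes elsewhere.
SAMPLE_EMAIL = """<a href="http://tracking-update.example.net/track"><img alt="FedEx" src="logo.png"> Track your FedEx shipment</a>
<a href="https://www.fedex.com/fedextrack/">https://www.fedex.com/fedextrack/</a>
<a href="http://www.example.org/prefs">Unsubscribe</a>"""
```

Running `suspicious_links(SAMPLE_EMAIL)` flags only the first link, whose text claims fedex.com while the href resolves to example.net; the genuine FedEx link and the brand-less “Unsubscribe” link pass.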
Second, this certainly reinforces the need to back up data. The problem is that the virus seems to be able to reach attached network drives and cloud drives like Dropbox, so you need a strategy of deploying removable drives or off-site cloud backups to prevent them from being infected too.
Having advanced malware/virus protection installed on all company desktops may help alert users to potential threats before they can click through to the payload. Keep in mind that virus protection must be kept up to date, either automatically through your network or host, or manually. If manual updating is necessary, then “forcing” users to update on a regularly scheduled basis is important.
If infected, take it seriously. The ransom must be paid within the time frame prescribed or all your data may be lost. While we may hate to give in to a ransom demand, paying the $300, or a multiple thereof, may be a lot cheaper in the long run than having your hard drive wiped clean.
Lastly, if you work with an IT consulting firm, bring them into the conversation now, before an infection takes place. Ask them for specific recommendations on how to prevent an infection, and what course of action they recommend if you are infected.
Cryptolocker and future derivatives of it can be devastating, but having a proactive risk management thought process around it can help minimize that risk. For more information on managing cyber risk, please contact us by calling 800-287-4115 or completing the contact box at the top of this page.