More and more people are getting caught by CryptoLocker, malware that encrypts your files and then asks you for a ransom to get them back. Because paying a few hundred quid is less frightening than losing years of important business data or valuable family photos, 40% of the affected users will pay the ransom.
1. What is it?
CryptoLocker is a fairly recent piece of malware that encrypts some (or all) of your files and keeps them encrypted until you pay a ransom. Once you've been attacked, you will no longer be able to open your files and documents. This includes Word docs, Excel spreadsheets, PDFs, PowerPoint files and many more.
There are lots of ways to prevent your files from being affected, but if you are affected, the only ways to recover are to pay the ransom or restore from a good backup. Up-to-date anti-virus is a must, but it might not stop CryptoLocker, as the criminals behind it actively work to change it so that it is not detected.
2. How does it affect your computers?
CryptoLocker is malware and also a virus. Malware is a piece of unwanted code that a user has to trigger; a virus is a piece of undesirable code that installs itself on your systems without anyone triggering it. The main way CryptoLocker is installed is through malware.
How does a user trigger malware?
One of the most common ways is via email. You receive an email from an unknown source (or sometimes even a known source) asking you to download and install a file (usually .exe or .zip files). Opening the attached files launches the attack, which finds and encrypts all the files you have access to, including those on external and networked drives. Having a cloud-based mail filtering solution can dramatically reduce the number of bad emails.
Another trick CryptoLocker uses to make users trigger the malware is by asking them to download and install a video driver or codec file. It seems legit, and that's why many people get caught.
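As an added illustration (not code from this article or from any particular filtering product), the sketch below shows the kind of attachment check a mail filter can apply to the email route described above: it flags .exe attachments and .zip attachments that contain an .exe. The function names, the sample message and the one-entry extension list are assumptions made for the example.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Assumption: only .exe is treated as risky, matching the article; extend as needed.
RISKY_EXTS = (".exe",)

def risky_names(filename, payload):
    """Return the risky file names found in one attachment."""
    name = (filename or "").lower()
    if name.endswith(RISKY_EXTS):
        return [filename]
    if not name.endswith(".zip"):
        return []
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            # Look inside the archive without extracting anything.
            return [f"{filename}!{m}" for m in zf.namelist()
                    if m.lower().endswith(RISKY_EXTS)]
    except zipfile.BadZipFile:
        # An archive the filter cannot read is reported, not passed.
        return [f"{filename} (unreadable archive)"]

def scan_message(raw_bytes):
    """Parse a raw e-mail and list every risky attachment in it."""
    msg = message_from_bytes(raw_bytes, policy=default)
    findings = []
    for part in msg.iter_attachments():
        findings += risky_names(part.get_filename(), part.get_payload(decode=True))
    return findings

def build_sample():
    """Constructed message: a zip holding a harmless file named like a program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2013.exe", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"constructed notes", maintype="application", subtype="pdf", filename="notes.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A check like this only looks at file names, so it complements anti-virus scanning rather than replacing it.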
How does it install itself without any input?
You browse to a malicious website that exploits an out-of-date version of Java, allowing the malware to be installed, or one of the adverts displayed across a number of sites has been updated to exploit older versions of Adobe Flash.
3. How to avoid it
- Ensure you are using an up-to-date anti-virus product. The anti-virus vendors will catch up to this issue and continue to protect you from other viruses.
- Implement cloud-based email filtering, as these systems will scan emails with 2 or 3 different sets of anti-virus as well as blocking known bad senders and emails that look a certain way.
- Be certain that any device added to your network has appropriate controls in place and is trusted.
- Don't download and install software from unknown sources.
- Be suspicious of emails, their links and attachments. If you weren't expecting the email, be very careful.
- Make sure you have a good backup that is NOT immediately accessible by computers on your network.
CryptoLocker uses your own fear, uncertainty and doubt to trick you into installing it. If in any doubt, consult your IT support team immediately and they will guide you.
4. What to do
According to geek, about 40 percent of CryptoLocker victims pay the ransom that is asked. Do not pay the ransom! Paying the ransom encourages the creators of CryptoLocker to continue as they are getting paid for their actions.
It is paramount to set up regular backups of your files and systems. If you get attacked by CryptoLocker, restoring the files from a backup is currently the only way to get you up and running again.
Remember that in the case of CryptoLocker your best defence is prevention, so NEVER download unknown files or documents, keep Java and Flash up-to-date and keep regular backups of your files and systems.
If you think you may be a victim of CryptoLocker, or want to set up backups, update your anti-virus and implement a cloud-based email filtering tool, please get in touch with Transcendit's team of engineers on 0191 482 0444 or use our contact form.