Cryptolocker is back – Ransomware beware!
Cryptolocker the planet’s worst ransomware trojan has reappeared in all its ugly forms. Across the world networks and computer files have been encrypted by this trojan before a ransom demand is made to the user or administrator. Some victims who don’t have adequate backup are losing all their files, or having to pay a ransom of thousands to the criminals who propagate this electronic curse.
Cryptolocker is propagated via infected email attachments, and via a botnet; when activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public key cryptography. Cryptolocker itself is readily removed, however encrypted files will remain locked unless the key is provided. Worse some who have paid the ransom, have not had the key provided being left with encrypted files and a big bill. It is estimated that around 3% of affected users pay the ransom requested.
Almost a year ago the US Department of Justice announced that the FBI and Interpol had publicly issued an indictment against a Russian hacker and had gained the keys to the malware. However it appears a new version and clones such as CryptoWall and TorrentLocker are back in business,
Security software is designed to detect such threats, however it may not detect Cryptolocker at all, or only after encryption is underway or complete, particularly if a new version unknown to the protective software.
To how do you get Cryptolocker?
Email is the primary entry point for the Cryptolocker Trojan into networks and computers. Cryptolocker typically is propagated as an attachment to a seemingly innocuous e-mail message, which appears to have been sent by a legitimate company. These emails may contain company logos and representations that they are legitimate: examples in Australia and New Zealand include Australia Post, New Zealand Post, The Australian Federal Police, Microsoft, UPS parcel deliveries, and several of the major banks.
The emails tend to offer legitimate services or ask a reasonable request as simple as a payment receipt, deliver document, or in the case of the Australian Federal Police scam asking you to view a speeding fine or photo. Once the attachment is clicked, the ransomware is deployed in your systems and then encrypts files across local hard drives and mapped network drives with the public key, and logs each file encrypted to a registry key. The process only encrypts data files with certain extensions, including Microsoft Office, OpenDocument, and other documents, pictures, and AutoCAD files.
If you think you have Cryptolocker?
Once the execution file for the encryption is completed it is almost impossible to unlock files without the key. If you suspect that you have clicked on a cryptolocker email it is important to shut down as soon as possible. The malware invades all mapped drives of the network, so any connected backup or external drives can be infected, as well other machines on the network can also catch the virus, so keeping the machine off and isolated is a very important part of reducing damage.
Once your machine is encrypted it is really a matter of isolating the machine from all networks, keep it turned off and disconnected from the internet. It then becomes a matter of determining the damage & spread, & if backups are available. It is a great time to call an IT Expert, like Computer Troubleshooters, who can advise the appropriate course of action, be it restoring the machine with backup, or paying the ransom (and in both cases removing the Cryptolocker virus) .
How to prevent a Cryptolocker infection?
Prevention – don’t open or click on unsolicited emails
- Educate everyoneon the risk of opening email attachments that they shouldn’t. They may receive an email that they weren’t expecting or something may look wrong about it. These emails can also come from a spoofed account that may look legitimate or even appear to be from someone you know. The bottom line is to always be careful when opening email attachments.
Here is a our Checklist to protect Yourself, Your Family and Your Business from Cyptolocker
In both our professional and private lives, each of us needs to assume responsibility for our online activities. These responsibilities involve a combination of equipment maintenance and software updates coupled with appropriate online behavior and a constant vigilance against criminal activities. We suggest that you start with this brief checklist:
- Maintain a Clean Machine by running the most recent operating system, security software, apps and web browser as a defense against online threats such as viruses and malware.
- Security Software – every computer should have internet security protection to help detect Cryptolocker, it may also limit the harm done by warning you before the file is executed, should you accidently click on a host email.
- Firewalls and Encryption should be in use by businesses to secure their internet connection. Educate employees about passwords and internet security guidelines.
- Scams, Spam, and Phishing are hazards you can avoid. Don’t open e-mailed attachments from strangers and never click on unknown links contained within e-mails. Enable the filters on your e-mail programs to screen for spam. Beware of messages indicating upgrades, technical updates and special offers. These tactics are no longer limited to e-mail, so be vigilant when on social networking sites.
- Have a Backup to non networked drive – either rotate external drives or have off site scheduled backup. Beware of using sync backups such as OneDrive as they can also be encrypted.
Computer Troubleshooters Can Help Your Business with Cyber Security
Computer Troubleshooters can do an assessment of your business’ computer network. We can also provide recommendations for establishing a strategic approach to cyber security and assist you with a variety of solutions to reduce the risk of a security breach. We strongly encourage you to prepare your business for the threat of a cyber security crime, contact your local Computer Troubleshooters office today for help and advice.