Cryptolocker de-mystified!

Cryptolocker

Over the past month, the One2One team has seen an increase in the Cryptolocker virus. Our technicians have spent over 50 hours working towards recovering data, backup restores, and working with vendors on recreating system files and processes in order to get our customers up and running as quickly and as efficiently as possible. Unfortunately, this virus has caused data loss, time, and money for many companies. So what can be done to avoid the Cryptolocker virus from infecting you?

What is Cryptolocker?

Crytpolocker is type of virus called ransomware that infects computers, servers, and networks. The virus usually hides in an attachment in an email, typically with a .zip file extension. The email may look like it is from a legitimate company, or even from someone you know. These types of “phishing” tactics are the way many of these attacks get started.

What’s most frightening about this type of attack is that many variations are nearly impossible to remove. Ransomware takes over your files on your computer by encrypting the data on your hard drive which in turn, leaves your files inaccessible. The only way to “decrypt” the files is by way of a decryption key. Since the type of encryption used in most of these attacks is very strong, it’s impossible to decrypt with “brute force” techniques. With your files locked up, the cybercriminals hold your files for ransom, demanding funds (in untraceable Bitcoin currency) in exchange for the decryption key. For most people, even paying for a decrypt key will not work, as these criminals will take your money and not provide you with the key needed in order to allow you access to your files.

What can you do?

The best and most effective way of preventing this type of infection is to simply NOT OPEN ANY ATTACHMENTS from people you do not know or look suspicious. If you typically do not receive invoices from a particular company or resumes for potential new hires, do not open the attachment! Once the infected file is downloaded, the virus will spread to your computer and potentially, your company network, causing the files to begin the encryption process, and potential data loss for the entire company.

You can also prevent such attacks by using some basic security best practices. Make sure you have adequate anti-virus and anti-malware software running and up-to-date. User education and awareness is also equally as important as physical security, so it’s good practice to make sure staff are constantly reminded of how to protect themselves.

Another preventative measure is making sure you have a good backup solution. Should your system become infected with Cryptolocker, a backup restore would be the best option in restoring your files from the last backup.

What has the One2One team been working on?

One2One technicians created a group policy that restricts all execution from the appdata folder due to Cryptolocker. We have been implementing this new policy on our customers’ systems in order to prevent the virus from spreading to the network and causing downtime. In the long run, this will save our customers time, energy, and money.

  • Software Restriction Policies as part of Group Policy
  • Network restrictions of known Cryptolocker Proxy addresses
  • Egress traffic filtering for known Cryptolocker ports
  • User Training and awareness.
  • Shadow Copies Enabled on local and server (Newer Variants Target this)
  • Up to date Flash/Java/Browsers.
  • Good Backups – Comprehensive and fast to restore.

We can help!

Customers with our anti-spam, anti-virus and malware protection, and support services certainly have a good arsenal of defense already in place. We encourage our customers to reach out to us for any tips or questions they may have regarding cyber threats. Also talk with us to see how we can put additional methods in place to tighten your network security, as well as how we can help educate your employees on preventing these infections

One2One offers the latest in anti-virus, anti-malware and backup solutions. Please speak with a sales representative about our backup planning and solutions for you and your company today! You can reach us at 717-393-7403 option 2, or email us at sales@one2oneinc.com.