The Ransomware Threat
CryptoLocker and others like it are a new type of malware, called ransomware, which encrypts specific file types and demands payment to decrypt those same files. It encrypts files on the local machine and any files that are accessible through any drive letter, so files on a network or attached storage are also at risk. This means that any infected PC on a network could encrypt files on a server. This is a very real threat and is happening to PCs and networks everywhere. Currently, antivirus and antimalware products offer no protection because of the way these programs infect and spread.
Once infected, there is no recovery option other than restoring from a backup or paying the “ransom”. There is currently no guaranteed way of retrieving the data without a good backup due to the level of encryption. Paying the ransom does not guarantee recovery of the data, as there are cases where the data was not decrypted even after payment. Then there is the real-world concern about what types of groups you are funding by paying (we do not recommend paying as an option).
Securing Your PCs and Laptops
Nothing is 100% but there are changes that can be made to help secure your machine against the current versions of CryptoLocker (and a ton of other malware). There are a little over 200 registry and security changes that can be made to protect against the current versions. We have a utility that can be installed that will make these changes for you as well as update automatically and add security changes. We will continue to update this utility as the threat evolves and as of now it is the only way we know to prevent these types of attacks.
This utility is meant to prevent CryptoLocker and others like it from making known changes to your system. It is not a substitute for antivirus and antimalware protection, which should be used in tandem with this utility. The utility can be purchased below.
Make Sure Your Data is Backed Up Properly
Backing up your data is the single most important thing you can do to protect your data. The best method is using an online data backup service so your data is backed up and stored offsite securely each night. We recommend using our offsite data backup service, but whatever you use, make sure it is something that can be rotated through, stored offsite and does not have to be permanently attached to your PC or network.
If you back up by copying files to an external hard drive, those files could be vulnerable. CryptoLocker goes after anything it can reach by drive letter and has also been shown to delete shadow copy type backups. The only way to secure your data is by backing it up to something not attached to your machine or server.
You can find more information on backing up your data here: http://www.cnetsys.com/offsite-backup
Unfortunately we do not see an end in sight for these types of threats and we think that they will continue to get more sophisticated over time.
CryptoLocker has been around since late 2013, and in the last couple of weeks we have seen a huge increase in the number of machines and networks infected. The threat is also evolving, and we have seen changes in how machines are infected and how it spreads.
The takedown this week of the servers hosting CryptoLocker deals a blow to CryptoLocker's infrastructure, but it is only a matter of time until other servers are put in place. Unfortunately, what we have found is that the infections are still occurring but the ability to pay to decrypt the files is gone. CryptoLocker's variants and copycat versions are still out there.
Originally it was spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them. Lately, the emails have more convincing subjects and have different file names.
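The disguise described above can be checked on a received zip attachment before anyone opens it. The following is an added example, not part of the original page or of the C-Net utility; the extension lists and function names are assumptions chosen for illustration, and the sample archive is constructed from harmless bytes under the file names quoted above.

```python
import io
import zipfile

# Assumed lists for this example; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}

def classify_member(name):
    """Return 'double-extension', 'executable' or None for one member name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    exts = ["." + part for part in base.split(".")[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return None
    # A document extension directly before the real one is the PDF disguise.
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"

def scan_zip(data):
    """Inspect every member of a zip (given as bytes); return (name, verdict) pairs."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            verdict = classify_member(info.filename)
            if verdict is None and not (info.flag_bits & 0x1):
                # Not encrypted, so the content is readable: 'MZ' opens every
                # Windows executable, whatever the member is named.
                with archive.open(info) as member:
                    if member.read(2) == b"MZ":
                        verdict = "pe-header"
            if verdict:
                findings.append((info.filename, verdict))
    return findings

def build_sample_zip():
    """Constructed sample attachment; the contents are harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("FORM_101513.pdf.exe", b"MZ constructed placeholder")
        archive.writestr("FORM_101513.exe", b"MZ constructed placeholder")
        archive.writestr("readme.txt", b"constructed plain text")
    return buf.getvalue()

if __name__ == "__main__":
    for name, verdict in scan_zip(build_sample_zip()):
        print(f"{verdict:17} {name}")
```

Any finding is a reason to quarantine the attachment, since a legitimate shipping notice has no need to deliver a program inside a zip file.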
Newer versions have been found on compromised websites and are actively being spread through Trojan and Zbot infections (some of which you could already have and not know about). Unfortunately, just being on the internet puts you at risk, and being cautious about which emails you open attachments from is no longer enough.
According to Wikipedia, the ransoms paid in a little over a 30-day period totaled 27 million, and that was just from what they could track. With a budget like that, you can be assured that this threat and others like it will continue to grow both in number and sophistication.
Make Sure You Are Protected
We recommend that everyone have a backup strategy in place and have it tested on a regular basis and that you install the prevention utility on all your PCs and Laptops.
If you do not have our offsite backup service and would like more information or to get it set up, please follow this link so we can provide you with a solution to meet your needs: http://www.cnetsys.com/offsite-backup
For more information on how to secure your network go here: http://www.cnetsys.com/network-services
C-Net Ransom Defender Full Service Bundle – PC/Laptop Clean Up with Professional Installation
With this bundle, we will connect to your computer – remotely over the internet – and perform a clean up and system tune up before installing our CryptoLocker prevention software, ensuring maximum security and total peace of mind.
Purchase The C-Net Ransom Defender Utility – Self Install
Immediate protection from Ransomware like CryptoLocker, etc.