by Scott Lewis
By now just about everyone has heard of the CryptoLocker malware, which is a type of ransomware that encrypts your files, after which – for a specific dollar amount – the sender will send you a code that will unlock your files. Over the last six months we have seen the number of reported cases triple, and 64% of the reported cases were in the United States.
CryptoLocker, like other ransomware, is intelligent malware. It will actually change, learn and grow to avoid anti-virus programs and filters set to catch it. Because of this intelligence, the people who write these programs have simply refined their awareness, which makes them very difficult to track, trap and eliminate. CryptoLocker malware is spread primarily through email and links or embedded links that come in through your email system. It can also be spread through outdated web browsers or outdated plug-ins.
If you think you have the CryptoLocker virus, one of the first things you should do is unplug or disconnect from your wired or wireless network. This will stop any further spread of the virus. Unfortunately, without paying, at this time there is no way to unencrypt files that have already been encrypted. CryptoLocker uses a private key that can’t be retrieved unless you pay the ransom, and performing a brute-force recovery on the key is not a realistic option because of the amount of time it would take. At this point, the only way to recover files without paying is from backup, assuming you have a good backup. But make sure you recover these files to another location and not over the infected files.
Some basic rules to avoid getting infected with CryptoLocker:
- Always make sure you know who is emailing you. However, you have to keep in mind that spammers will sometimes spoof email addresses so that it looks like someone you know is sending you a message.
- Double-check content. An example would be someone saying he is responding to your message. Make sure you actually sent him something.
- Do not click on links you get in email, and configure your browser to use link reputation to check the link.
- Back up your important data. There is no known good tool to unencrypt files once they are encrypted. Use cloud-based backups such as XpressStor to help protect your files.
- Corporations should review policies involving email attachments and links, filtering of any executable files or zip files, and removal of active links.
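One way to implement the attachment filtering from the last rule, as an added example that is not part of the original article: a Python check that flags executable attachments and zip files that contain executables or encrypted members. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list; tune it to your own attachment policy.
BLOCKED_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def _blocked(name):
    """True if the final extension is blocked (catches invoice.pdf.exe and a trailing dot)."""
    return (name or "").lower().rstrip(". ").endswith(BLOCKED_EXT)

def _scan_zip(name, data):
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return [(name, "unreadable zip")]
    out = []
    for info in infos:
        if info.flag_bits & 0x1:  # encrypted member: content cannot be inspected
            out.append((name, "encrypted zip member: " + info.filename))
        elif _blocked(info.filename):
            out.append((name, "executable inside zip: " + info.filename))
    return out

def scan_message(raw_bytes):
    """Return (attachment name, reason) findings for one raw email message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if _blocked(name):
            findings.append((name, "executable attachment"))
        elif name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04":
            findings.extend(_scan_zip(name, data))
    return findings

def build_sample():
    """Constructed sample message; the 'exe' inside the zip is placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2013.pdf.exe", b"constructed placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Re: your message"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"hello", maintype="application", subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()
```

A mail gateway or mailbox rule would quarantine any message for which `scan_message` returns findings.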
There are some tools on the market that can help prevent infection with the CryptoLocker virus; one of those tools is CryptoPrevent. CryptoPrevent artificially implants group policy rules to block executables from running in certain areas of the registry. Some of these tools are free for individual and corporate use and could give you another layer of prevention. Keep in mind that nothing is 100%, so you will have to check for updates and make sure you stay current on these tools as CryptoLocker evolves and learns.
The new CryptoLocker viruses have taken ransomware to a new level. Most infections can be prevented through simple education of users, but technology can certainly help. Companies should continue to harden their systems and manage email policies and web surfing policies to ensure that they are catching as much of this in the technological net as possible. However, this is not a one-time thing. CryptoLocker viruses are intelligent – they change, they learn, they grow – so they are something we have to pay attention to all the time. Anti-virus companies and companies that specialize in this type of thing expect the infection rate to continue to grow and the virus to evolve, so everyone has to be aware and vigilant to protect themselves.
Scott Lewis is the president and CEO of Winning Technologies Group of Companies, an international technology management company. He has more than 30 years of experience in the technology industry and is a nationally recognized speaker on technology subjects such as collocation, security, CIO-level management, data and voice communications, and best practices related to the management of technology resources. Learn more about Winning Technologies at www.winningtech.com or call 877-379-8279.
Submitted 10 years 178 days ago