Cryptolocker / Ransomware – prevention is better than the cure

Jul 29, 2015

We’d like to make all our customers aware of an extremely serious threat to your PC, Notebook and Server.
We are seeing far too many businesses brought to their knees as a result of this infection.

Cryptolocker is one of the most vicious viruses we have seen over recent years. Commonly known as ‘Crypto’, it has the potential to take down an entire company even where backups are in place. The threat is serious enough that even the Australian Government has issued warnings and papers on the threat.

Cryptolocker is a ransom-style virus, but unlike the AFP (Australian Federal Police) ransom virus, Cryptolocker actually spreads through your system, encrypting files as it goes, hence the name Cryptolocker.

What makes Cryptolocker so devastating is that, in this world of automation, Crypto will actually sync to your backups, including online backups and Dropbox, to the extent that we have even seen the infection spread from one PC into Dropbox and back out to another PC.

Although Cryptolocker itself can be removed, files remain encrypted, with a message which offers to decrypt the data if a payment is made by a stated deadline and threatens to delete the decryption key if the deadline passes. Without this decryption key, restoration of the files is currently impossible, hence the necessity for proper backups.

We have noticed in some cases that the amount requested grows the longer Crypto is on your system. Some reports even suggest that if you try to get around this by changing the date on your PC, they will penalise you by significantly increasing the ransom amount. It is advisable not to pay any ransom, as there is absolutely no guarantee that the files will be restored. Instead, trust in your own data backups. If you do not have a tested backup strategy, contact us now for advice.

Most reports suggest that Crypto is spread via email attachments, specifically those related to invoices and remittances; however, we have also seen it attached to “unsubscribe” links in spam emails.

How to prevent getting the CryptoLocker virus

  • Only open email attachments from people you know
  • Stick to business-related and trusted websites
  • Apply the latest updates to software you have installed – contact us if in doubt
  • Backup! – don’t underestimate the importance of backups. They don’t need to be expensive and elaborate; it can be as simple as a USB thumb drive, USB external drives or burnt DVD/Blu-ray discs. These backups are best kept off-site, as this also reduces the threat of data loss from fire.
  • Always have up-to-date antivirus – at the moment ESET is the only antivirus program we recommend that we have successfully tested in blocking Crypto.
  • For this particular virus, try not to leave backup devices attached or syncing to the cloud
  • Test your disaster recovery plan regularly. If you don’t have a disaster recovery plan, then please contact us to get one in place

Lastly, if you think you have a CryptoLocker infection, immediately shut off all computer and network devices and contact us. DO NOT TURN BACK ON until you have consulted with us.
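
The points above about Crypto syncing into backups, and about keeping a tested backup, can be combined into a pre-sync check. The Python example below is an added example, not MicroEd's own tooling: it records SHA-256 hashes at backup time and refuses to sync when a large share of previously backed-up files has changed at once. The function names, the 30% threshold and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, root)] = digest
    return manifest

def changed_fraction(previous, current):
    """Fraction of previously backed-up files now altered, renamed or missing."""
    if not previous:
        return 0.0
    bad = sum(1 for path, digest in previous.items() if current.get(path) != digest)
    return bad / len(previous)

def safe_to_sync(previous, current, threshold=0.3):
    """Assumed policy: block the sync when too much existing data changed at once."""
    return changed_fraction(previous, current) <= threshold

def demo():
    """Constructed sample data: one ordinary edit, then every file rewritten."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(10):
            with open(os.path.join(root, f"invoice{i}.txt"), "w") as fh:
                fh.write(f"invoice {i}\n")
        baseline = build_manifest(root)  # taken when the last good backup ran
        with open(os.path.join(root, "invoice0.txt"), "a") as fh:
            fh.write("paid\n")  # normal day-to-day change: 1 of 10 files
        normal = safe_to_sync(baseline, build_manifest(root))
        for i in range(10):  # stand-in for mass encryption: new bytes, new names
            old = os.path.join(root, f"invoice{i}.txt")
            with open(old, "wb") as fh:
                fh.write(os.urandom(64))
            os.rename(old, old + ".changed")
        mass = safe_to_sync(baseline, build_manifest(root))
        return normal, mass

if __name__ == "__main__":
    print(demo())
```

When the check fails, the last good backup should be left untouched and kept disconnected until the machine has been examined.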

[Image: example of filename appearance when Crypto has executed]

MicroEd Computers & Internet - Providing Computer Sales, Repairs and IT Support since 1984