The Business Impact of CryptoLocker

Written by Craig Dennis   

We often hear about the latest threat to Internet users and data security, but because these global scares are reported every other week with little apparent "real-world" impact, we tend to ignore them. Too often it's like the boy who cried wolf.

Here's a brief report on a customer of ours who last week was a victim of CryptoLocker - a nasty type of “Ransomware” that encrypted all their files and demanded a payment so that the files could be made readable again - along with some tips on how to avoid this happening to you.

Here's what happened:


  • Last Tuesday a couple of staff members received a normal-looking email with a PDF invoice attached.
  • They opened it - not recognising that the filename was something like "invoice12345.pdf.exe" and then continued working as usual.
  • In the background, the fake PDF file installed CryptoLocker and commenced encrypting over 2000 folders on the company's servers and tens of thousands of files. Once encrypted these files were inaccessible.
  • CryptoLocker also installed “helpful” files in each folder that directed the user to pay a ransom to have the encryption removed.

In a breathtakingly short space of time our customer's business had ground to a halt.

The good news is that our customer had good backups and we were able to restore files and clean up the infected PCs. The bad news is that they lost about two days of productivity and had to pay for our services to get them back on track.

Clearly these types of attacks are a genuine threat to both business and home users.

Here are some things you can do to help keep malware at bay:

  • Use and maintain a Malware scanner. Because malware generally needs assistance from the user to install just like any other normal program, it doesn't behave like a virus. This is why Anti-Virus products aren't all that good at identifying when you have been attacked.
  • Avoid using local administrator or, worse still, domain administrator rights on your PC. These permissions are usually only needed if you are installing software or performing an administrative function. Create a “normal” user for yourself and only log on as an administrator when you really need to.
  • Don't click on links in unexpected emails. Obvious spam email is easy to avoid - but if someone in your contact list sends you a link be cautious and check it out first. A new tactic is an offer to share a Dropbox folder. In particular be wary of exe, zip and pdf files.
  • Don't download anything from dodgy websites. This also applies to downloading mobile apps from third party Android markets.
  • Back up your important files regularly, either to the cloud or to removable storage. Remember that a connected USB backup disk will likely become encrypted if you happen to be infected.
  • And don't pay the bad guys. It only encourages them.
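
The disguised attachment in the incident above ("invoice12345.pdf.exe") is something a mail filter can catch before a user ever sees it. The following Python sketch is an added example, not part of the original article or any product we use: it parses a raw email and flags attachments whose real extension is executable while an earlier extension imitates a document. The extension lists and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Final extensions Windows runs when double-clicked (assumed, not exhaustive).
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jar"}
# Earlier extensions a user reads as "just a document" (assumed list).
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "zip"}

def is_disguised(filename: str) -> bool:
    """True when an executable is dressed up as a document, e.g. name.pdf.exe."""
    # Trailing dots/spaces and padding before the real extension are ignored.
    name = filename.strip().rstrip(". ").lower()
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 3:
        return False  # no second extension, so nothing is being imitated
    return parts[-1] in EXECUTABLE and any(p in DECOY for p in parts[1:-1])

def flag_attachments(raw_message: bytes) -> list[str]:
    """Return the attachment filenames in a raw email that look disguised."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    # walk() also visits parts nested inside forwarded or multipart sections.
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and is_disguised(n)]

# Constructed sample message (not the email from the incident).
SAMPLE = b"""\
From: accounts@example.com
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice12345.pdf.exe"

placeholder
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="statement.pdf"

placeholder
--b1--
"""
```

Calling flag_attachments(SAMPLE) returns only the ".pdf.exe" attachment; a gateway would quarantine such a message rather than deliver it.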


Last Updated on Tuesday, 01 July 2014 11:38