
Who Would You Call If Your Resort In Utah Was Hit With CryptoLocker? (Questions/Answers)

Are You Concerned That CryptoLocker Might Steal Your Data?

CryptoLocker infects computers that run Microsoft Windows. As with other forms of ransomware, you must pay the hackers to decrypt and recover your files. CryptoLocker spreads via fake emails (phishing) designed to look like they’re from legitimate businesses.


What Happened When A Resort In Utah Got Hit With CryptoLocker?

A few weeks ago, we got a call from a well-known resort chain in Utah that was in trouble. They weren’t a client of ours, but we had been marketing to them for over 4 years. They considered using our services, but they had an in-house tech guy, so they didn’t think they needed us. How wrong they were. As it turns out, their tech hadn’t stayed on top of important security updates, and their IT system was breached by CryptoLocker. They couldn’t access their data, and they needed our help.

What Did SymTec Do?

We responded immediately. We went to the resort’s location and did the following:

  • Took down their compromised servers.
  • Confirmed the date and time of the infection to restore the servers back to their pre-infected state.
  • Cleaned the virus off compromised machines.
  • Reconnected the compromised machines to the server.
  • Ran a full virus scan of all the machines and servers to ensure the infection was completely eradicated.
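
One way to carry out the second step above, shown as an added example (not SymTec's own tooling): estimate when mass file modification began from file timestamps, then choose the newest backup that predates it. The file listing, backup times, thresholds and function names are constructed assumptions.

```python
from datetime import datetime, timedelta

def infection_onset(events, window=timedelta(minutes=5), threshold=20):
    """Start of the first `window` containing >= `threshold` file modifications.

    events: iterable of (path, modified_time). Returns None if no burst is found.
    """
    times = sorted(t for _, t in events)
    start = 0
    for end, t in enumerate(times):
        # Slide the left edge forward until the window spans at most `window`.
        while t - times[start] > window:
            start += 1
        if end - start + 1 >= threshold:
            return times[start]
    return None

def pick_restore_point(backups, onset, margin=timedelta(hours=1)):
    """Newest backup finished at least `margin` before the estimated onset."""
    usable = [b for b in backups if b <= onset - margin]
    return max(usable) if usable else None

def sample_events():
    """Constructed listing: ordinary edits, then a rapid burst of rewrites."""
    base = datetime(2018, 8, 1, 9, 0)
    normal = [(f"docs/report{i}.docx", base + timedelta(hours=7 * i))
              for i in range(30)]
    burst_start = datetime(2018, 8, 14, 2, 17)
    burst = [(f"share/file{i}.xlsx", burst_start + timedelta(seconds=3 * i))
             for i in range(40)]
    return normal + burst

# Constructed nightly backups at 23:00, 10-14 August.
SAMPLE_BACKUPS = [datetime(2018, 8, d, 23, 0) for d in range(10, 15)]

if __name__ == "__main__":
    onset = infection_onset(sample_events())
    print("estimated onset:", onset)
    print("restore from:   ", pick_restore_point(SAMPLE_BACKUPS, onset))
```

Modification times mark when encryption began, not when the malicious attachment was opened, so the margin keeps the restore point ahead of the estimate. The window and threshold need tuning to the file server's normal activity.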

We were able to recover their data and get them back up and running. We set them up with a multi-layered IT defense solution, and we trained their employees on cybersecurity awareness so they wouldn’t fall victim to phishing attacks. Now with an enterprise-based onsite backup solution along with a secure cloud-based backup and recovery solution, the resort chain will always have access to their data. Today, SymTec acts as their outsourced IT solutions company to help their in-house tech keep things running smoothly.

What Is CryptoLocker?

According to the US-CERT, “CryptoLocker appears to have been spreading through fake emails designed to mimic the look of legitimate businesses and through phony FedEx and UPS tracking notices. In addition, there have been reports that some victims saw the malware appear following after a previous infection from one of several botnets frequently leveraged in the cyber-criminal underground.”

How Does CryptoLocker Lock Up Data?

CryptoLocker encrypts your files using asymmetric encryption, which uses a pair of keys: a public key and a private key. The public key encrypts the data, and only the private key, which the attacker holds, can decrypt it. The attacker asks the victim to pay a $300 ransom fee (sometimes much more). If the victim pays, the attacker provides the private key to decrypt the files. If not, the attacker destroys the data.

When the resort in Utah received a well-disguised malicious attachment in an email, an employee opened it, resulting in a potentially disastrous CryptoLocker infection. The email was disguised as an urgent notice. The urgency of the email led the employee to open the attachment. CryptoLocker infected the resort’s computers, as well as files on their servers.

How Can You Prevent An Infection From CryptoLocker Or Other Forms Of Ransomware?

When dealing with ransomware, antivirus software isn’t enough. With CryptoLocker, it’s essential to be proactive instead of reactive. Here are a few important tips for organizations that want to minimize the potential damage CryptoLocker can cause:

  • Data backups both onsite and in a secure cloud solution are essential to ensure files are recoverable.
  • Don’t open attachments from unknown senders.
  • Avoid opening attachments from known senders until you’re able to verify that the sender intended to send the attachment.
  • Use caution while browsing the Internet and opening links.
  • Limit your browsing activities to work-related tasks while using business computers.

If You Think Your Business Is Too Small To Be Targeted, You’re Wrong

Small businesses are prime targets for hackers because most don’t have the protections mentioned above in place. They are more vulnerable to ransomware and other forms of malware attacks because of their limited resources. Hackers know this and are now preying on small businesses worldwide.

Here’s what the Department of Justice reports:

“Ransomware is the fastest growing malware threat, targeting users of all types – from the home user to the corporate network. On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016. This is a 300-percent increase over the approximately 1,000 attacks per day seen in 2015. There are very effective prevention and response actions that can significantly mitigate the risk posed to your organization.”

What Should You Do If Your Files Get Encrypted?

Contact SymTec to remove the malware and restore your files.

The increased incidence and rapid evolution of ransomware have raised concerns and stakes for both small and large businesses. Of everything we’ve discussed here, the two most important things to do to protect your business are to use a robust enterprise-grade cloud backup solution and to provide professional Cybersecurity Awareness Training for your employees. In both cases, SymTec is your best friend. We’ll help you fight and prevent ransomware and cybercrime of all kinds.

SymTec takes pride in a job well done. Many organizations in Utah, Idaho, and now across the Western United States, trust SymTec to be their complete outsourced IT department.
