Ransomware and the Cryptolocker Threat
In the last few months there has been a lot of national attention on data breaches and infrastructure hacks that are affecting millions of people around the country. In addition to those hacks and breaches, another type of virus/data collection malware – Ransomware – has been making its rounds on the Internet, and it’s posing quite a problem for many individuals and companies.
What Is Ransomware?
Ransomware is a type of virus that does exactly what it sounds like it does – it tries to collect a ransom for your data.
In late 2013 a virus called Cryptolocker began making the rounds. While most everyone is familiar with viruses that try to capture your protected information and passwords (phishing), overwhelm your system with spam, or simply shut things down, Cryptolocker did a bit of everything – and it tried to get money out of you! Experts estimate that the operators of Cryptolocker have extorted anywhere from $3 million to $17 million from their victims.
By late 2014, Cryptolocker had been identified and isolated – but in the meantime a multitude of copycat ransomware viruses have popped up. Many people, however, continue to refer to these ransomware viruses as Cryptolocker, even though they may have another name. So while Cryptolocker – specifically – may not be as much of a threat anymore, its many copycats are.
What To Do If You’re Hit
The best thing to do is avoid getting hit altogether (more on that later), but if it’s already too late, here are some steps to take to attempt to retrieve your data.
First, if you have a known-to-be-safe backup, you can restore your operating system completely and then restore your files from the backup. This will eliminate the virus and give you your files back. However, it’s important to make sure that your backed-up files haven’t also been infected – which is possible if you’re using an external hard drive that was connected at the time of the infection – otherwise all is for naught.
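One way to check a backup before restoring from it, shown as an added example that is not part of the original article: a file that ransomware has encrypted in place typically no longer begins with the header bytes its extension implies. The signature table, function names and sample files below are constructed for illustration; a matching header does not prove a file is intact, and file types outside the table are only reported as unchecked.

```python
import os
import tempfile

# Leading "magic" bytes of a few common formats (constructed, not exhaustive).
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
}

def header_matches(path):
    """True/False for a known extension, None when the type is not in MAGIC."""
    sig = MAGIC.get(os.path.splitext(path)[1].lower())
    if sig is None:
        return None
    with open(path, "rb") as fh:
        return fh.read(len(sig)) == sig

def scan_backup(root):
    """Walk a backup tree and return (suspect, unchecked) relative paths."""
    suspect, unchecked = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            result = header_matches(full)
            if result is None:
                unchecked.append(os.path.relpath(full, root))
            elif not result:
                suspect.append(os.path.relpath(full, root))
    return sorted(suspect), sorted(unchecked)

def build_sample_backup(root):
    """Constructed sample: two intact files, one overwritten, one unknown type."""
    samples = {
        "report.pdf": b"%PDF-1.4\n% constructed sample\n",
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "budget.xlsx": bytes((i * 73 + 41) % 256 for i in range(64)),  # stands in for ciphertext
        "notes.txt": b"plain text has no fixed header\n",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_backup(tmp)
        print(scan_backup(tmp))
```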
If that doesn’t work, there is another way! Last year a group of security firms, along with the FBI, worked to infiltrate the group operating the virus. They were able to track the file that held the master encryption codes and put together a site – Decrypt Cryptolocker – where the 500,000+ victims can find the key to unlock their files. By simply submitting one of the files that has been encrypted, the database will figure out which key was used and return it to the user. If you find yourself in this boat – be sure to submit a file that does not contain any sensitive information.
If your data cannot be unlocked using a key generated from the site, you may very well be out of luck – which is why avoiding Cryptolocker altogether is so important.
How to Avoid Cryptolocker
There’s no good news here – it isn’t easy. There are a few prevention tools that have been made specifically to look out for Cryptolocker, since the virus does a pretty great job of masking itself to seem harmless. Some companies have developed kits specifically for businesses that will implement Group Policies in Windows, limit access to network drives, and take other security measures.
As always, you should only open files from sources you trust implicitly. If you open a file (again, it’s generally a PDF) and notice that your computer is actually executing and downloading a file – shut off your power source immediately. This may stop the virus from fully being able to execute. Unfortunately, many users don’t realize that the file has been executed for days or weeks.
Finally – ransomware provides one of the best cases to make for regular backups and cloud storage. If your company is interested in learning more about protecting itself and being prepared with cloud storage, backups, and data restoration should the worst occur, Contact Us!