Four Steps to Protect Yourself from CryptoLockers
CryptoLockers are one of the most serious security threats on the Internet today. Being infected with a CryptoLocker can seriously impact your business, crippling your systems and rendering them inaccessible. CryptoLockers are complicated, multi-layered threats, so protecting your network and computers from them is not simply a case of installing anti-virus software. itro has identified four steps you need to follow to protect yourself from CryptoLockers and ensure your cyber security.
What is a CryptoLocker?
A CryptoLocker is a type of trojan or virus known as ‘ransomware’. Ransomware threats are becoming more and more widespread across networks every day. CryptoLockers trick a user into running a file which will launch the ransomware. In most instances, the victim receives an email with a password-protected ZIP file purporting to be from a real company. Often the emails are so convincing that they catch out even tech-savvy people who are trained to notice IT risks!
The CryptoLocker takes advantage of Windows' default behavior of hiding extensions in file names. Without seeing the file extension you feel safe opening a file, having no idea of the danger. It is first executed when a user opens a ZIP file attached to an email and, when prompted, enters a password that is included in the body of the email. This opens the ransomware file and it spreads from there – you won’t even know what has happened.
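As an added illustration (not itro's code), the sketch below shows what a mail filter can still check on a password-protected ZIP: entry names are stored unencrypted in a standard ZIP, so the real extension is readable without the password. The extension lists, function names, quarantine policy and sample archive are assumptions constructed for this example.

```python
import io
import zipfile
from pathlib import PureWindowsPath

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def inspect_zip(data):
    """Return one finding per archive member; no password is needed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = PureWindowsPath(info.filename)
            suffixes = [s.lower() for s in path.suffixes]
            executable = bool(suffixes) and suffixes[-1] in EXECUTABLE_EXTS
            decoy = executable and len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS
            findings.append({
                "name": info.filename,
                "shown_as": path.stem,  # what the user sees with extensions hidden
                "encrypted": bool(info.flag_bits & 0x1),  # flag bit 0 = encrypted
                "executable": executable,
                "decoy_extension": decoy,
            })
    return findings


def should_quarantine(data):
    """Assumed policy: hold any ZIP that carries an executable member."""
    return any(f["executable"] for f in inspect_zip(data))


def constructed_sample():
    """Build a harmless test ZIP and mark its entries as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2291.pdf.exe", b"not a real program")
        zf.writestr("readme.txt", b"hello")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02")
    while pos != -1:  # set flag bit 0 in each central-directory header
        raw[pos + 8] |= 0x01
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)
```

On the constructed sample, the first entry is reported as an encrypted executable that a user with extensions hidden would see as `Invoice_2291.pdf`.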
These viruses are able to evade most anti-virus and malware protections due to their ability to exploit legitimate and trustworthy actions such as file sharing. itro have resolved many infections at different organisations and, whilst we’ve been able to recover the client’s data each time using their secured backups, the infection has caused business downtime, lost productivity and lost income.
As soon as a victim runs the ransomware, it loads into memory on their computer and takes the following actions:
- modifies the system registry to launch itself every time the computer boots up; and
- launches processes to protect itself from being deleted or terminated.
CryptoLocker malware will start encrypting all the files it can see from the infected PC. Unless you have taken steps to protect yourself BEFORE an attack, the only way to decrypt your files is to pay the ransom to the distributor of the malware. Hence the term ‘ransomware’. Even when a ransom is paid, results are uncertain, and paying supports criminal activity. itro recommends AGAINST paying any sort of ransom.
How to avoid CryptoLocker
Remove the worry of being held to ransom for your own data. Follow the four steps identified by itro now, and protect your organisation and your PC from CryptoLockers!
This malware spreads via email by utilising social engineering techniques, so the best defense is well-trained users who exercise caution with the email attachments they receive.
The Four Steps to Protect Yourself from CryptoLockers:
- Stop it from reaching your ‘front door’. Ransomware threats are usually spread via email, so use a Cloud-based email filtering service to detect the threat before it arrives at your network. itro recommends ControlNow as our preferred Cloud-based Email Protection Service.
- Don’t let it through your ‘front door’. Have a firewall that supports deep level content inspection to prevent viruses entering your network. itro installs WatchGuard firewalls with APT blocker features enabled. These features help prevent the Trojan from penetrating your network.
- Stop or slow down the spread if it gets into your network. Have a top level Anti-Virus Security Suite, such as Webroot. It has a high probability of detecting and preventing the ransomware early, before it infects and encrypts your PC or, even worse, your entire network.
- Restore your data. A secure Backup Solution is the last resort for recovering your files in the case of infection. Have a ‘snapshot’ backup that runs continuously throughout the day to a destination that is NOT on your internal network. itro implement comprehensive Backup and Disaster Recovery solutions utilising ShadowProtect software on exclusive itro managed Cloud Servers that will hold your data securely in an off-site location.
Ransomware poses a significant and tangible threat to your business, but implementing the above four steps will minimise your likelihood of being infected with a CryptoLocker.
Please remember that a first-rate Backup Solution is, and always has been, the best practice to protect yourself from losing your files. A quality Backup Solution will ensure that, no matter what happens, you will be able to restart your business quickly and cost effectively.