Warning over Cryptolocker attacks


The National Fraud Intelligence Bureau is warning about the damage being caused by Cryptolocker, destructive malware that installs itself on computers and effectively holds people’s files to ransom. Affected businesses and individuals also incur losses such as wasted time, lost revenue and additional IT costs, with further implications for any files that are not separately backed up.

How does the threat get in?

The malware is predominantly deployed via zip files in e-mail attachments and web links exploiting legitimate public sector organisations’ branding.

  1. An e-mail attachment or Internet link that contains the malware is opened on your computer, which installs the malware; or your computer is already infected with malware (i.e. a botnet) and the criminal uses this to further infect your computer with CryptoLocker.
  2. The malware runs and installs CryptoLocker.
  3. The malware encrypts all the files it can find including images, documents and spreadsheets.
  4. The malware then pops up a page giving you a limited time, usually 72 hours, to buy back the private key, typically for $300, so that you can regain access to your data.
  5. It is unclear whether access is regained after paying the ransom.

If you are unfortunate enough to catch this virus it will:

  1. Uninstall your antivirus
  2. Encrypt all the documents it finds on your PC: Word docs, Excel docs, images, Access database files, your email and lots more.
  3. Look for mapped network drives for shared folders on other PCs or servers etc. on your network and encrypt anything it sees on these.
  4. Encrypt the contents of any drop box services it can find.
  5. If your backup is provided by copying your files to a device plugged into your server / PC, or to another device through a mapped drive, it will in all probability encrypt your backup at the same time.
  6. Because the people behind this are seriously resourced, the latest version of the virus won't get spotted by your antivirus, whatever make you use, as they are evolving it all the time to stay one step ahead.

The encryption it uses is proper military-grade encryption. If your files get encrypted, your only hope of ever getting access to them again is a good backup policy.

Back up your data and create system images NOW. If you haven't already got a PC/laptop backup in place, we can sort this out for you and make sure it is backing up everything you need to restore your business. If in doubt, call us.

How can you reduce the risk of becoming a victim?

  1. Do not click on attachments unless you can verify the source, particularly if you are not expecting correspondence from the source.
  2. Install and run proper business-level security software and set it to update automatically.
  3. Set your computer’s security settings to update automatically.
  4. Increase security settings on your browser.

Do please take this very seriously, as it has the potential to destroy or at least do serious damage to a business.

Can you carry on operating your business if you don't have access to any records?