2014’s Top Network Threat: What is CryptoLocker?
CryptoLocker is a type of ransomware (yes, I said it: ransom!). Put simply, CryptoLocker wants your money, and an infection can have devastating effects on your corporate network infrastructure.
In one such example cited on BubbleNews (link below), servers became captive to the infection, with CryptoLocker plaguing the entire network and encrypting 13 years' worth of company files and backups.
Waiting on an important postal shipment? In a common scenario, CryptoLocker begins by lurking within cleverly disguised email attachments that appear to come from your friendly FedEx, UPS, or DHL delivery provider.
Once a machine is infected, the malware typically sets a limited time frame in which it demands a specific sum. Payment is usually required in an untraceable form (e.g. bitcoins, money pack, etc.). Some victims have reported receiving no decryption at all after paying the ransom. Further malicious traps may be triggered after you fork over the ransom; being asked for more should not surprise you at all.
Beware of the multiple variants of CryptoLocker, such as CryptoLocker 2.0, which targets P2P sites carrying key generators. One of the most notable effects of this virus is the reported infection of removable drives, which creates a costly situation. If you cherish those memorable family photos, then CryptoLocker is after you: the 2.0 version targets media files, including images, video, and music.
Taking a step back, there is room for hope, as firms have options to mitigate their exposure. CyberStreams recommends the following multi-layered ‘fortification’ against the threat.
- An effective business-class firewall is your first line of defense. A good device will inspect traffic at all seven layers, which covers common virus vectors such as PDF attachments. (Why is Deep Packet Inspection important?)
- Implement a solution for virus scanning of inbound email. Catch things before user error can accidentally open them!
- Anti-virus on all network devices and servers is a must! Ideally, pair a scanning methodology different from the firewall's with it; this is a best practice. For example, many of our clients use a Dell SonicWALL firewall as their front line of defense. This device uses a signature-based approach, which means it constantly checks traffic against a database of known risks. ESET Anti-Virus, by contrast, uses a heuristic methodology as well as a signature database: it looks for applications that “behave” as a virus would and isolates those risks intelligently. (Why is heuristic virus scanning valuable?)
- When all else fails, investing in a solid backup system is key. When deciding on a backup system, keep in mind factors such as ‘time to recovery’ and ‘granular data recovery’. Some systems may back up all your data, but when you have to restore an entire server it can take 7 – 14 days, an unacceptable time to recover for most companies. CyberStreams recommends Datto as a leading backup and disaster recovery platform for companies.
- User Education should never be overlooked. Teaching users to identify suspicious emails can go a long way toward preventing incidents.
- Limit user access rights to reasonable ‘need to have’ levels. Do all users really need admin access on their PCs? If that user profile becomes infected, the virus may have greater access to do damage across your network. Take a hard look at whether the controls you have in place make sense given your team members’ work roles.
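As an added illustration of the signature-versus-heuristic distinction in the list above (example code written for this page, not CyberStreams', SonicWALL's or ESET's actual logic): a signature check hits only on a file hash already in its database, while a behavioural heuristic flags a process that overwrites many files with high-entropy data in a short window, which is what a file-encrypting infection looks like whatever its hash. The signature database, process names and file events are constructed.

```python
import hashlib
import math
import random
from collections import defaultdict

# Constructed "known-bad" signature DB: SHA-256 of a made-up byte string (not a real CryptoLocker indicator).
SAMPLE = b"constructed-malware-sample"
KNOWN_BAD_SHA256 = {hashlib.sha256(SAMPLE).hexdigest()}

def signature_match(content: bytes) -> bool:
    """Signature approach: a hit only when this exact file hash is already known."""
    return hashlib.sha256(content).hexdigest() in KNOWN_BAD_SHA256

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: encrypted output sits near 8.0, plain documents far below."""
    if not data:
        return 0.0
    n, counts = len(data), defaultdict(int)
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def heuristic_flags(events, window_s=10.0, min_writes=20, min_entropy=7.5):
    """Heuristic approach over (timestamp, process, path, bytes_written) events:
    flag a process that writes high-entropy data to many files within a short
    window, the behaviour of file-encrypting malware whatever its hash is."""
    high_entropy_writes = defaultdict(list)
    for ts, proc, _path, data in events:
        if shannon_entropy(data) >= min_entropy:
            high_entropy_writes[proc].append(ts)
    flagged = set()
    for proc, stamps in high_entropy_writes.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window_s:  # slide the window forward
                start += 1
            if end - start + 1 >= min_writes:
                flagged.add(proc)
                break
    return flagged

def constructed_events():
    """Constructed sample: a benign editor plus a process overwriting 25 files in 5 s."""
    rng = random.Random(0)
    events = [(t, "word.exe", f"doc{t}.txt", b"Quarterly report text. " * 100) for t in range(3)]
    for i in range(25):  # random bytes stand in for ciphertext
        payload = bytes(rng.getrandbits(8) for _ in range(4096))
        events.append((100 + i * 0.2, "crypt.exe", f"photo{i}.jpg", payload))
    return events
```

A trivially repacked copy of the sample (one byte appended) already escapes the signature check, while the mass-overwrite behaviour is caught by the heuristic regardless.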
If you have any questions regarding this topic please feel free to shoot me a comment or an e-mail. Better yet, you can always give us a call.
Call now: (425) 274-1121