When you’re in business, the last thing you need is a malware attack on your systems. On your personal systems, an attack might be scary, costly, and cause a lot of damage, but when it happens to your business it has the potential to bring the whole place down. CryptoLocker was a specific type of malware known as ransomware that popped up in September 2013 and immediately became a high-priority threat to systems around the world.
CryptoLocker – Locking up your files and taking away the keys
CryptoLocker was spread via an innocuous-looking email with a zip file containing an innocuous-looking “pdf”, which was actually an executable file in disguise. When opened, this executable started to do the damage.
So, what did this specific malware do? Well, once activated, the software set about encrypting certain types of files with RSA and AES cryptography, on the host computer’s drives as well as on connected network drives and cloud drives. The key to unlocking the files? It was stored on the attackers’ control servers (other infected machines).
Once the files were finished encrypting, CryptoLocker then displayed a timer message demanding that the user pay an amount in Bitcoin or other online payments (the equivalent of around $300 USD) within 72 hours or risk having those files locked forever. The given amount varied over time.
The operators of CryptoLocker were true to their word, however. Once the ransom was submitted, the encrypted files were unlocked. In the months after release, the malware also offered a decryption service to those who hadn’t paid the ransom before the timer elapsed. Plenty of victims paid the ransom, including a US police department.
Eventually, in May 2014, the distribution network of the malicious software was taken down. In the process, those involved in the takedown managed to find the list of private keys, which were then offered to remaining victims for free via an online tool.
So it’s over?
I bet you’re thinking, well that’s great then! Unfortunately, just because one version of CryptoLocker was dismantled and is no longer a threat doesn’t mean that there aren’t plenty of other similar types of ransomware out there looking for a way into your systems.
There have been plenty of other CryptoLocker wannabes floating around since, the most famous being WannaCry and Petya.
So, even if you think that CryptoLocker is done and dusted, that’s no reason to ease up on security or start trusting random attachments that you receive in official-looking emails.
Protecting your business against ransomware
This raises the question: what do you need to know about protecting yourself against ransomware attacks such as CryptoLocker?
Use offline backups
For a start, you should make backups of your files every so often and keep them disconnected from all of your networks, preferably completely offline. Taking system snapshots that you can restore (and storing them offline) will come in handy if you don’t want to hand over a ransom or don’t believe the attackers will follow through on their decryption promise!
When restoring from backups, you’ll need to make thoroughly sure you’ve removed the ransomware from your system first, or the files on the backup drives you’re restoring from will start being encrypted too.
Block unknown executables from running on user accounts
Head into your user settings and configure them so that users on your network cannot run any executables that aren’t already known to the system.
Enable automatic patching
Next up is automatically applying updates to both your clients and your servers. Since these attacks are Windows-based, this feature is fairly easy to switch on. The same goes for any non-Windows software that you have installed on the system, in case the attack manages to come through one of these applications. Generally, Windows and well-known applications are very quick to provide fixes and put measures in place that stop these attacks creeping in.
Educate your team
Educate your staff. Most commonly, these sorts of attacks are rooted in social engineering. The CryptoLocker attack started with emails that looked like legitimate accounts records and encouraged users to open email attachments. The more you educate your staff about the dangers of cybersecurity attacks, and more importantly how they get in, the less likely you are to have them happen to you. There are cybersecurity classes that you can purchase from providers if necessary.
While not everyone practices common sense at all times, the more education your team receives, the more likely they are to remember it when staring down the barrel of a slightly odd email/phone call/request.
Implement strong email rules
There are various rules that you can set up to limit the distribution of emails to clients within your system. For instance, you can immediately quarantine any zip files sent. You can disallow emails sent from domains other than the ones that you permit. You can set up custom rules that only allow attachments from internal email addresses… and so on.
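The zip-quarantine rule above, applied to the disguised “pdf” described earlier, as an added example that is not code from the original article: a Python check a mail filter could run on each message, flagging zip attachments whose entries have an executable extension or begin with the Windows executable header `MZ`. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}  # illustrative list

def zip_findings(data):
    """Return the reasons to quarantine one zip attachment (empty list = none)."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["unreadable zip archive"]
    findings = []
    for info in archive.infolist():
        if info.flag_bits & 0x1:  # encrypted entry: content cannot be inspected
            findings.append(f"{info.filename}: password-protected")
            continue
        ext = posixpath.splitext(info.filename.lower().rstrip(". "))[1]
        with archive.open(info) as member:
            is_pe = member.read(2) == b"MZ"  # header of a Windows executable
        if ext in EXECUTABLE_EXTS:
            findings.append(f"{info.filename}: executable extension {ext}")
        elif is_pe:
            findings.append(f"{info.filename}: executable content despite {ext or 'no'} extension")
    return findings

def triage(raw_message):
    """Map each zip attachment's file name to its list of findings."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if name.lower().endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            report[name] = zip_findings(payload)
    return report

def sample_message():
    """Constructed sample: an 'invoice' email whose zip holds harmless stub files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Invoice_2013.pdf.exe", b"MZ" + bytes(62))  # disguised by name
        z.writestr("Statement.pdf", b"MZ" + bytes(62))         # disguised by content
        z.writestr("Terms.pdf", b"%PDF-1.4\n")                 # starts like a real PDF
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="Invoice.zip")
    return msg.as_bytes()
```

Calling `triage(sample_message())` reports two findings for `Invoice.zip`; any attachment with a non-empty findings list would be quarantined rather than delivered.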
Let managed services do the work for you
If your business can’t keep up with the security demands of today, then it might be time to think about letting someone take care of the administration side for you. Managed services can implement best practices to help keep your systems secure and stay up to date with the latest in security.