Attack of the CryptoLocker, revisited…

A year ago we used this space to discuss a specific piece of malware known as “CryptoLocker”. While some of the major players exploiting CryptoLocker have been shut down, variants have appeared and are creating new headaches for thousands of PC users – and this is serious enough that it deserves some attention again.

If you haven’t heard of it, CryptoLocker is “Trojan Horse ransomware”. A “Trojan Horse” is, like the original Trojan Horse, something that appears innocuous but contains something dangerous. “Ransomware” is a category of malware that, as the name implies, demands a ransom. In the case of CryptoLocker, the Trojan Horse encrypts an infected computer’s data files (and potentially even files on a PC’s mapped drives, which means server files!). Those files are held ransom in that encrypted and unusable state until the ransom is paid.

The good news is that the original CryptoLocker and its more recent variants are easily removed. The bad news is that removal won’t decrypt your files. So your choices, once infected, are to pay the ransom or restore from backup.

The best course then, as always, is to avoid the infection... but how?

Well, this malware is spread almost exclusively by email. If you’re using a commercial spam filter, chances are excellent it will stop CryptoLocker before it reaches you.

Some commercial antivirus / antimalware products can detect and stop this either on arrival or before execution if opened. In particular, the Professional version of Malwarebytes (included in our IT Vigilance services program) has been effective in stopping known variants of this bug.

If CryptoLocker gets by all of that and reaches your Inbox, the best defense is the one we always offer when it comes to email… if you don’t recognize the sender, or if you do but they’d have no reason to send you an email with an attachment like the one received, DON’T OPEN IT, DELETE IT. Problem solved.

One significant hole in that protection can be personal email accounts accessed via the Web from the business PC. Their virus and spam filtering tend to be less rigorous – and users may be less careful with their personal email than they are with their business email, increasing the chances of opening something bad.

Some companies address this by prohibiting access to Web-based “freemail” like your local Internet provider’s, Hotmail, Yahoo, Gmail, etc. Whether or not you want to do that in your environment may be something we can help you decide as part of an overall risk assessment.

And finally, most PCs are not backed up. If you have critical data stored locally on your PCs and that data exists only there without a backup, you’re at risk, not just from CryptoLocker, but from other damaging malware – or even plain ol’ equipment failure.

Back up your PCs or make certain their critical data is kept on a server or other storage medium that is backed up regularly. We can help with that, too.

