The CryptoLocker ransomware is back with a vengeance. If you have data, you’re a potential victim.
CryptoLocker is a nasty piece of ransomware that, once it infects your computer, begins to systematically encrypt every file that you have write access to. This typically includes files stored on your local hard drive, on external hard drives (like the USB backup drives that are very popular) and shared network drives. Once the damage is done, the malware demands a ransom in exchange for the key to decrypt the files so that you can have access to them again. It uses very strong (2048-bit) encryption and, to my knowledge, has not been broken yet. What’s more, as the command and control servers are taken down, some users have paid the ransom but been unable to get the key. It is typically delivered via an infected email attachment and, in most cases, does its damage well before the victim really has a good understanding of what’s going on.
The good news is that more and more antivirus products are getting better at detecting CryptoLocker before it’s too late. The bad news is that they’re still playing catch-up and, if you do get hit without an up-to-date backup, your data may be irretrievably gone (even if you do opt to pay the ransom).
The short story: if you have data (anything from pictures of junior at the late to the Quickbooks / accounting information for your company to the only copy of the design files for the invention that’s going to make you rich and change the world) and you’re not backing it up somewhere that’s physically separated from you, you’re running a significant risk. We had a client with an up-to-date install of Symantec Antivirus last week that was hit and was able to stop the infection at a single workstation and recover via their tape backup. In another case, the client had an online backup with CrashPlan that had versioned copies of all of the infected data and they were able to recover quickly.
If you have data that you want to keep, take a moment now to protect yourself with a few simple steps:
- Have a backup. The best defense that we’re seeing against this has been tape backups (yes, the things that you stick in VCRs), because they physically eject when they’re done and users don’t have access to the data, and online backups (the $9.99 per month deal from CrashPlan is hard to beat). If you do get infected, this backup is going to be the only dependable way to recover.
- Have good, up-to-date antivirus. Our recommendation here is ESET / NOD32.
- Keep your systems up-to-date. Microsoft and Adobe release updates the second Tuesday of each month and Java tends to release updates on a quarterly and then ‘whenever someone finds another hole in our stuff’ type schedule. We send a monthly newsletter with details on the updates and then spot emails (like this one) when something big comes up.
- Best practice. Always assume that an email attachment is a virus and do not open it directly from email. If you have to open it, save it to your local drive (to give your antivirus another chance to scan it) before opening it. Read the email and check for obvious bad grammar (all your base are belong to us).
There is a really good article on someone that got nailed with this here.