The Cryptolocker family of ransomware viruses and look-alikes (CTB Locker, Cryptowall, Torrent Locker, Locker, Locky etc.) are now well known as one of the major causes of data corruption and data loss across the world. Cryptolocker doesn’t discriminate, from the single user to the largest corporate network, it can invade and lock down all data inside the network. Once your data is encrypted you are in big trouble! Data retrieval & Cryptolocker removal is a big deal.
Recently new variants have appeared that are essentially the same Trojan, but are much more effective in preventing Cryptolocker removal & data retrieval. Cryptolocker is propagated via infected email attachments, and via a botnet; when activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public key cryptography.
The payload hides within an attachment or a link to a website. Once a user opens the attachment or the website link, the virus is activated and promptly goes about encrypting your files (both on the infected machine and on any additional network shares it can find).
Once the encryption process is complete a message, pops up on your screen delivering both the bad news and a ransom demand. Extortion of your hard earned money has begun. Because of the high level of encryption used by the virus, the only way to get your data back is either to pay the ransom or recover your files from last night’s backup. In addition, many extorted business owners have reported that the payment of the ransom does not always get their data back.
How to prevent a Cryptolocker infection?
Prevention – don’t open or click on unsolicited emails
- Educate everyone on the risk of opening email attachments that they shouldn’t. They may receive an email that they weren’t expecting or something may look wrong about it. These emails can also come from a spoofed account that may look legitimate or even appear to be from someone you know. The bottom line is to always be careful when opening email attachments.
- Well known examples include emails from Banks, Police, Postal Services & Government agencies – remember if in doubt don’t open or click
How do you mitigate Cryptolocker risk?
Our Number 1 Tip – Always keep a non-networked copy of a backup of your data by rotating storage media – external hard drives or USB or use a non-synced cloud backup resource.
- Regularly backup important data. Keep it within unconnected storage & rotate storage media.
- Always ensure your operating system and security software is fully updated.
- Consider purchase of a specialist anti cryptolocker tool.
- Consider moving more of your data into cloud storage (not OneDrive or synced storage)
- Block all .exe and .zip attachments at your email gateway.
What to do if you have Cryptolocker?
If you get a Cryptolocker pop up message on your screen it will generally say that all your files have been locked & encrypted, this means the execute file is in progress or finished the encryption. Before you consider Cryptolocker removal you must immediately do the following to minimise impact on your machine and network (it can spread to others on your network)
- If one of your computers gets infected, then immediately disconnect it from the network & shut down the infected machine. You should also shut down all other devices on your network.
- If you have been compromised then immediately change all of your organisation’s network and on-line passwords.
- Disconnect all backups on your network including other non-infected devices.
- Removal all LAN & device connections.
- Call an expert to get professional advice on next steps
Once you have isolated your machine & network, a professional such as Computer Troubleshooters, can do an evaluation of your next steps – checking backups, assess other devices, extent of infection, & the best method of data retrieval.
Once this is done we can determine if we can do a data restoration & Cryptolocker removal – it is a complex process, and in some cases if a backup has not be done properly or the steps above have not been followed it can be a compromise solution, or worse case you may need to pay the ransom. Even if you pay the ransom the Trojan still needs to be removed otherwise it can be reactivated,
Prevention is Key
With this type of threat it is better to “think when, not if”, as the human element eliminates even the best planning. Thinking now about business continuity may save considerable time, expense, and disruption.
Computer Troubleshooters can do an assessment of your business’ computer network. We can also provide recommendations for establishing a strategic approach to cyber security and assist you with a variety of solutions to reduce the risk of a security breach. We strongly encourage you to prepare your business for the threat of a cyber security crime, call your local Computer Troubleshooters office today for help and advice.