It’s about 8:30 at night and you are just finishing up the dishes after dinner. You receive three missed calls from one of your employees. Something must be wrong for her to call that often, this late at night. You ring back and discover that all of the company files are being held to ransom. Not just your team member’s: everyone’s. Your heart starts to hammer through your chest and the acid starts to slush in your guts. You cannot access any of your databases or documents unless you pay a ridiculous amount of money. This is a disaster. You have become the victim of CryptoLocker Ransomware.
This infamous family of ransomware is a very successful business model. So successful that in 2016 the FBI reported that up to 24 M was paid in ransom, and that is just the amount that got reported.
Be aware that CryptoLocker ransomware loves networks and can wreak havoc on not just desktops but your whole network by encrypting their contents in just a matter of seconds. Gone are the days of low-level surveillance as the virus sits silently watching before an attack. Now, CryptoLocker does a smash and grab. A damn effective one.
How CryptoLocker gets its fangs into your systems.
- Cleverly crafted emails get sent systematically to your teams’ email accounts. They will contain a file that needs to be downloaded and may be password protected. Often, they appear to be from a freight company or similar style of business.
- Some malware takes advantage of bugs in programs such as Microsoft Office or browser extensions like Flash and Java.
- Popular now is “Malvertising” where malware is embedded into advertisements and gets downloaded when an ad is clicked on.
The best way to deal with CryptoLocker is to create a complete line of defence that works on many levels and to remove its speed advantage by adopting a defensive strategy that will stop it in its tracks.
13 ways to create a strong line of defence against CryptoLocker Ransomware
- Use an intelligent firewall that identifies traffic types and assesses whether the traffic on your network is legitimate or shows ‘tells’ indicating suspicious activity.
- Create a directory of safe or whitelisted programs and apps that are permitted. Set up the systems so that programs outside these can’t be downloaded without an administrator checking them out first.
- Use additional or redundant servers to segment access to critical data. This again reduces your vulnerability by building mini fortresses around key data and documents.
- Train your staff. Educate them on how to identify suspicious files and do things like right click on their mouse to scan attachments. Then send staff simulated “phishing” attacks to test them. It will become a bit of a competition and it will really help to entrench what to look for.
- Daily data backup is vital. It’s a basic. Here’s how you do it successfully. Your data must be stored in a separate physical place of storage or in the cloud. Whichever method you use, ensure that it is offline and not directly connected to your desktops or networked laptops. Only connect your machines while backing up and then disconnect. Make sure that the backup is encrypted.
- Ensure the Microsoft Windows default setting that hides file extensions is disabled. You want to be able to see the type of extension so that you can determine whether it’s safe to open or not. ZIP files or .exe files are usually not.
- Use Microsoft Office viewers. Viewers let you see what a document looks like without macros. You can set up your systems so that this is the default when opening documents.
- Again, a no-brainer, but worth the reminder: update all your apps regularly. Setting the default to automatic updates ensures that any malware taking advantage of bugs in your operating systems cannot get through.
- Goes without saying, when downloading an email never enable macros.
- Use an anti-spam system for your email that will block any .exe files (including .ZIP files). Don’t just rely on the presumption that your email account has one.
- Use ad blockers to avoid malvertising.
- Finally, there is no point in having operating systems and security system software, unless it is regularly updated. The best way to do this is by setting your systems to auto-update.
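The attachment checks from the list above (block .exe files, including inside ZIP files, and watch for hidden extensions and password-protected downloads), sketched as an added example that is not part of the original article. The function names, the extension lists and the sample message are assumptions made for illustration:

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for this example; tune it to your own mail policy.
BLOCKED_EXT = {".exe", ".scr", ".com", ".pif", ".js", ".vbs", ".bat", ".cmd"}
# Extensions users read as "a document"; catches names like invoice.pdf.exe.
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}

def name_findings(name):
    """Return the reasons a single file name should be quarantined."""
    exts = ["." + p for p in name.lower().rsplit("/", 1)[-1].split(".")[1:]]
    findings = []
    if exts and exts[-1] in BLOCKED_EXT:
        findings.append(f"blocked extension: {name}")
        if len(exts) > 1 and exts[-2] in DECOY_EXT:
            findings.append(f"double extension: {name}")
    return findings

def scan_attachment(name, data):
    """Check the name, then list ZIP members without extracting anything."""
    findings = name_findings(name)
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # bit 0 set: the entry is encrypted
                    findings.append(f"password-protected entry: {info.filename}")
                findings += [f"{name} -> {f}" for f in name_findings(info.filename)]
    return findings

def scan_message(raw):
    """Scan every attachment of an e-mail message given as raw bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        findings += scan_attachment(part.get_filename() or "", data)
    return findings

def build_sample():
    """Constructed sample: a mail whose ZIP attachment holds invoice.pdf.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"harmless placeholder bytes")
    msg = EmailMessage()
    msg.set_content("Please see the attached consignment note.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="delivery.zip")
    return msg.as_bytes()

print(scan_message(build_sample()))
```

A message with any finding would be quarantined for an administrator to review rather than delivered.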
Keeping your business safe from the likes of CryptoLocker Ransomware is not just about having antivirus programs on your operating systems. Take the above precautions and your business will be able to continue to enjoy the success you now do. Put a strong first line of defence in place and you’ll be well ahead of the pack.