We recently wrote about the dangerous new ransomware malware circulating around the Internet. Called Cryptolocker, it will encrypt your files and documents and make them impossible for you to use. Unless you have a reliable backup of those files and documents, the only recourse once infected is to pay the $300 ransom in order to obtain the decryption key. We don't recommend paying a ransom to cyberterrorists, so make sure your backup system is adequate and functioning properly. This is one of the nastiest and most dangerous malware outbreaks yet discovered.
The best way to deal with Cryptolocker is to avoid getting it in the first instance. Traditional antivirus and antimalware software, even when fully updated, is not a reliable defense against Cryptolocker. Because Cryptolocker uses a social engineering technique called phishing, users inadvertently invite Cryptolocker into their computer system. Once there, it will encrypt not only files and documents on the computer's local hard drive(s), but also those on backup drives attached via USB and on other computers' drives accessible over the local network. In other words, it has the potential to also encrypt your backup files, making a restore impossible.
Here are two ways to avoid Cryptolocker:
- Don't open attachments you are not expecting, and especially don't open attachments from senders you don't recognize.
- Hover over any link in an unfamiliar email. Most email programs will preview a link when you move your cursor over it. If the link preview is from an unknown source or appears to have no connection with the sender, it may be malware.
If you click on an unsafe link or download a dangerous attachment and receive a Cryptolocker message, immediately disconnect from your network. It is likely too late to save your computer, but you may be able to prevent files on networked computers from becoming encrypted and therefore useless. Also, unplug your backup drives immediately to prevent "hot" backup systems (those that back up continuously each time a file is changed) from overwriting your good backup files with useless encrypted files.
The emergence of Cryptolocker is a good reminder to implement a comprehensive backup and restore plan. A good rule for backup plans is 3-2-1. This means you have at least three copies of every file: the original on your local hard drive; a local backup to a networked drive or external USB drive; and a remote on-line backup. You also have backups on at least two different types of media (hard drive, tape, DVD, thumb drive, cloud drive) to protect against different types of threats. Finally, you have at least one backup offsite, usually with a reputable on-line backup service.
It is important to also understand the difference between a hot (continuous) and cold (timed interval) backup. Having at least one backup of each type is helpful. Hot backups, which are usually a good idea because they prevent even the smallest loss of data, are no protection against Cryptolocker: as soon as Cryptolocker changes a file and encrypts it, your hot backup system will back up the new, useless file over the good backup. Make sure your hot or continuous backup system offers versioning and that you select that option in its setup menu. Versioning takes up more storage space (locally or on-line), but keeping the last several versions of a file will let you restore from an earlier backup even if Cryptolocker overwrites the most recent backup with a bad, locked version of the file.
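The difference between an overwriting backup and a versioned one, as an added Python example (not part of the original article and not any backup product's code). The function names, the `.vNNNNNN` naming scheme and the retention count of 5 are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import shutil
from glob import escape
from pathlib import Path

KEEP_VERSIONS = 5  # assumed retention; the article only says "the last several versions"


def _digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def list_versions(source: Path, backup_dir: Path) -> list[Path]:
    """Stored versions of `source`, oldest first (zero-padded names sort in order)."""
    return sorted(backup_dir.glob(f"{escape(source.name)}.v*"))


def backup_with_versions(source: Path, backup_dir: Path,
                         keep: int = KEEP_VERSIONS) -> Path | None:
    """Copy `source` into `backup_dir` as a new version instead of overwriting.

    Returns the new version's path, or None when the content is unchanged.
    """
    backup_dir.mkdir(parents=True, exist_ok=True)
    versions = list_versions(source, backup_dir)
    if versions and _digest(versions[-1]) == _digest(source):
        return None  # nothing changed since the newest stored version
    next_no = int(versions[-1].suffix[2:]) + 1 if versions else 1
    target = backup_dir / f"{source.name}.v{next_no:06d}"
    shutil.copy2(source, target)  # earlier versions are left untouched
    for old in list_versions(source, backup_dir)[:-keep]:
        old.unlink()  # prune only what falls outside the retention window
    return target


def restore_version(source: Path, backup_dir: Path, steps_back: int = 1) -> Path:
    """Restore the version `steps_back` before the newest one over `source`."""
    versions = list_versions(source, backup_dir)
    if steps_back >= len(versions):
        raise ValueError("no version that old is still retained")
    chosen = versions[-1 - steps_back]
    shutil.copy2(chosen, source)
    return chosen
```

Versioning only helps if the version store is somewhere the infected computer cannot write to directly; an attached USB drive or mapped network share holding these files can be encrypted along with everything else.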
If you need help deciding on or configuring your firm's backup system or need additional information on protecting your computer and network, contact Affinity Consulting Group.