This ransomware means serious business!!
CryptoLocker is a dangerous piece of malware because it keeps mutating: each new variant gets past most anti-spam and anti-virus software until their signatures catch up. WHICH IS BAD NEWS! Once a computer is infected, the malware encrypts documents (e.g. MS Word, Excel and PowerPoint files) and demands a payment to decrypt them. Recovery normally requires a full restoration of the company's systems from backup, which is time consuming and, needless to say, WILL interrupt business operations.
HOW CAN YOU AVOID THIS MALWARE? EDUCATE YOURSELF! Knowing what to avoid and remaining vigilant plays an important role in combating this ransomware. There are also some defensive measures that minimise the risk to you personally and to your company.
CryptoLocker in Australia
CryptoLocker has attracted considerable media coverage in Australia. Examples include:
- 21 Dec 2013 – ABC News – Security experts warn of growing threat of ransomware ‘CryptoLocker’
- 17 Sep 2014 – The Age – Hackers lock up thousands of Australian computers, demand ransom
- 6 Oct 2014 – ABC News – Crypto-ransomware attack targets Australians via fake Australia Post emails
- 30 Oct 2014 – The Age – Fake speeding fines make Cryptolocker lock up Australian files
Once infected, the damage to a business can be severe: the malware attempts to encrypt a range of documents including MS Word, Excel and PowerPoint files, looking for them on the local computer as well as on every mapped network drive it can reach. It then demands a payment to decrypt the data, hence the term ransomware.
Governments and law enforcement agencies around the world have attempted to shut down the operation. However, variants of this ransomware have since spawned, and we have seen a sudden jump in occurrences in the past fortnight.
User Education is Key
A common way CryptoLocker is distributed is by phishing email. We have an article with a definition and examples of this type of email. Essentially, they are fraudulent emails that masquerade as coming from a trustworthy source; the fake Australia Post and speeding-fine emails reported above are typical. In the CryptoLocker case the email may carry a .ZIP attachment containing the malware (usually a Windows executable dressed up as a document with a PDF icon or a double extension such as .pdf.exe) or a link to a website from which the malware is downloaded.
The spread of ransomware is driven mainly by users opening attachments and links they should not. Hence it is very important to continually raise awareness and educate staff. All employees need to follow these rules:
- Avoid suspicious websites at all costs.
- Avoid following links and advertisements on social media web sites such as Facebook and Twitter.
- Never open emails, or their attachments, that look suspicious or come from unknown senders.
- Do not open a .ZIP attachment unless the sender has specifically told you beforehand that a .ZIP file is on its way.
- If in doubt, always consult your IT department or IT provider.
The Australian government has a number of web sites designed to promote online safety:
Please encourage your staff to visit these two web sites. It benefits not only your business but also your staff personally, in protecting their home computers.
Other Defense Measures
If you are responsible for IT in your business or organisation, these are the defensive measures you should put in place:
- First and foremost, every computer must have current anti-virus software. It must fetch signature updates regularly (at least once every 4 hours) and the computer must be scanned regularly. We recommend AVG Cloudcare as it provides a web based console to manage and monitor the anti-virus status of all your computers, including those operating remotely.
- Ensure you have regular backups as well as archives. Keep at least one copy offline or otherwise not reachable as a mapped drive, because the malware encrypts anything it can reach on the network, and test that you can actually restore from it.
- Use a hosted anti-spam filter such as AVG Cloudcare or Mailguard. If you are using Office 365, this feature is already included.
- Implement a web filtering solution that restricts users to permitted web sites only. This is available on commercial-grade firewalls such as the Cyberoam, and as a software-based solution from AVG Cloudcare.
- Implement gateway-level anti-virus and anti-spam scanning. This is available on commercial-grade firewalls such as the Cyberoam.
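To make concrete what the .ZIP rule in the staff guidance above and a gateway anti-spam filter are actually looking for, here is an added Python example written for this page; it is not code from the page or from any of the products mentioned. It parses an e-mail, opens any .ZIP attachment in memory, and flags the tell-tale signs of the CryptoLocker lure: a member with an executable extension, a double extension such as `.pdf.exe`, a file name padded with spaces to hide the real extension, a password-protected member, or a file that is called a document but starts with the `MZ` header of a Windows executable. The two sample messages and the "executable" inside them are constructed for the demonstration (a two-byte `MZ` stub, not malware), and the addresses are placeholders.

```python
"""Inspect an e-mail for the CryptoLocker lure: a .ZIP attachment hiding a
Windows executable, typically with a double extension such as 'notice.pdf.exe'.
Added example for this page; the sample messages are constructed and the
'executable' inside them is a two-byte 'MZ' stub, not malware."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows runs on double-click; none belongs in a parcel notice.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document types used as the decoy half of a double extension ('invoice.pdf.exe').
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt"}


def suspicious_filename(name: str) -> list[str]:
    """Return the reasons (empty if none) a file name looks like a disguised executable."""
    reasons = []
    base = name.replace("\\", "/").rsplit("/", 1)[-1]  # strip any folder prefix
    parts = base.lower().split(".")
    if len(parts) >= 2 and "." + parts[-1] in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable member {base!r}")
        if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTENSIONS:
            reasons.append(f"double extension {base!r}")
    if "  " in base:  # padding spaces push the real extension out of view in Explorer
        reasons.append(f"padded file name {base!r}")
    return reasons


def inspect_zip(data: bytes, attachment_name: str) -> list[str]:
    """Look inside a ZIP attachment in memory; nothing is written to disk."""
    reasons = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                reasons.extend(suspicious_filename(info.filename))
                if info.is_dir():
                    continue
                try:
                    head = zf.open(info).read(2)
                except RuntimeError:  # encrypted member: the password is in the e-mail body
                    reasons.append(f"password-protected member {info.filename!r}")
                    continue
                # A Windows executable starts with 'MZ' whatever it is called.
                if head == b"MZ" and not info.filename.lower().endswith(tuple(EXECUTABLE_EXTENSIONS)):
                    reasons.append(f"PE header in non-executable member {info.filename!r}")
    except zipfile.BadZipFile:
        reasons.append(f"attachment {attachment_name!r} is not a valid ZIP")
    return reasons


def inspect_message(raw: bytes) -> dict[str, list[str]]:
    """Map each attachment name to the reasons it was flagged (empty list = clean)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        reasons = suspicious_filename(name)
        if name.lower().endswith(".zip") or payload[:2] == b"PK":
            reasons.extend(inspect_zip(payload, name))
        findings[name] = reasons
    return findings


def _message_with_zip(subject: str, zip_name: str, member: str, content: bytes) -> bytes:
    """Build a constructed test e-mail carrying one ZIP with one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, content)
    msg = EmailMessage()
    msg["From"] = "Australia Post <noreply@example.invalid>"  # spoofed display name
    msg["To"] = "staff@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Please open the attached notice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()


def build_lure_message() -> bytes:
    """Constructed lure in the style of the fake parcel e-mails: a 'PDF' that is an .exe."""
    return _message_with_zip("Your parcel could not be delivered", "Parcel_notice.zip",
                             "AustraliaPost_parcel_details.pdf.exe", b"MZ" + b"\x00" * 62)


def build_clean_message() -> bytes:
    """Constructed benign message: a ZIP holding a genuine-looking PDF."""
    return _message_with_zip("Quote 1234", "Quote.zip", "Quote_1234.pdf", b"%PDF-1.4\n%%EOF\n")


if __name__ == "__main__":
    for raw in (build_lure_message(), build_clean_message()):
        for attachment, reasons in inspect_message(raw).items():
            print(attachment, "->", "QUARANTINE: " + "; ".join(reasons) if reasons else "clean")
```

Run as-is it quarantines the constructed parcel notice (executable member plus double extension) and passes the quote. The same checks are what a hosted or gateway filter applies on your behalf; the point of the example is that the decision is made on what is inside the archive, not on the friendly-looking name of the attachment or the sender's display name, which are exactly the parts the attacker controls.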