Security Warning: Cryptolocker
VISITS is issuing a warning to businesses to be extra vigilant with IT security, including educating staff about not opening unsolicited attachments. This follows the increasing prevalence of the Cryptolocker trojan amongst businesses.
Cryptolocker is a nasty ransomware trojan that is a good demonstration of how the weakest link in your IT security makes your business vulnerable.
In short, Cryptolocker infects a computer, but it does not stop the computer from working or spread to other computers. Instead, it encrypts files that the computer can access, including those on the computer itself and those on your servers or other attached storage.
The trojan then communicates with the criminals' servers and stores the decryption key on those servers. Eventually, Cryptolocker pops up a message on the infected computer demanding a payment of US$300 in return for the decryption key, with a warning that the decryption key will be permanently deleted after 72 hours!
The method of encryption is very strong and, for all intents and purposes, the files are unrecoverable unless the decryption key is obtained (or the files can be restored from a backup). To other staff who try to open the file, the file appears to be 'corrupted' and cannot be opened.
It is important to understand that the encrypted files are not infected with the trojan. As such, virus protection on your servers will not detect the presence of Cryptolocker or the encryption it performs. As far as your server is concerned, the files are just being accessed by your staff as normal. To reduce the risk, we recommend the following:
- Ensure that all of your computers and servers have up-to-date security and antivirus software.
- Ensure that all of your systems have patched Operating Systems and software.
- Do not allow 'Bring your own Device' computers on your network unless they have corporate grade security software and are properly maintained.
- Remind staff not to open attachments that are not expected, or look unusual.
- Ensure your files are backed up, and stored on a system that is not simply mapped as a network drive.
- Do not give your staff more access to network shares than they require.
- Do not give your staff admin privileges on their user accounts - Cryptolocker has the same access to files as the staff member who is logged in.
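Because the file server only sees ordinary user writes, one defender-side check is to look at the access pattern rather than the file contents. The following is an added example, not part of the VISITS advisory: it runs a simple burst-write detector over a few constructed audit-log lines in a hypothetical "date time user action path" format, flagging any account that rewrites many distinct files within a short window, which is the footprint a Cryptolocker infection leaves on a share.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines (hypothetical "date time user action path" format):
# alice rewrites six different files in under ten seconds, bob works at a normal pace.
SAMPLE_LOG = """\
2013-11-04 09:00:01 alice WRITE /shares/finance/budget.xlsx
2013-11-04 09:00:03 alice WRITE /shares/finance/forecast.xlsx
2013-11-04 09:00:04 alice WRITE /shares/finance/invoices.docx
2013-11-04 09:00:06 alice WRITE /shares/hr/contracts.docx
2013-11-04 09:00:08 alice WRITE /shares/hr/policies.pdf
2013-11-04 09:00:09 alice WRITE /shares/hr/payroll.xlsx
2013-11-04 09:15:00 bob READ /shares/finance/budget.xlsx
2013-11-04 09:45:00 bob WRITE /shares/sales/pipeline.xlsx
2013-11-04 10:20:00 bob WRITE /shares/sales/quotes.docx
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (.+)$")

def parse_events(lines):
    """Parse audit lines into (timestamp, user, action, path), sorted by time; skip malformed lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return sorted(events)

def burst_writers(events, threshold=5, window=timedelta(seconds=60)):
    """Return {user: most distinct files written inside any single `window`} for
    users reaching `threshold`. One account rewriting many files in quick
    succession is the access pattern the encryption leaves on a share."""
    writes = defaultdict(list)
    for ts, user, action, path in events:
        if action == "WRITE":
            writes[user].append((ts, path))
    flagged = {}
    for user, items in writes.items():
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:  # slide the window forward
                start += 1
            distinct = {p for _, p in items[start:end + 1]}
            if len(distinct) >= threshold:
                flagged[user] = max(flagged.get(user, 0), len(distinct))
    return flagged

if __name__ == "__main__":
    print(burst_writers(parse_events(SAMPLE_LOG.splitlines())))  # {'alice': 6}
```

Tune `threshold` and `window` to the normal write rate of your own shares; a spike from one account is the signal to disconnect that workstation and check backups.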