CryptoLocker: A description of this malware and how to mitigate it
At Aldridge, CryptoLocker is no stranger. Our team of technical professionals have helped hundreds of companies fight for the security of their data.
Yes, there are technical measures that have been developed to prevent malware like CryptoLocker from hijacking your files, but cybercriminals have made a business out of this information thievery, and their methods develop right alongside prevention tactics.
This is why it’s important to stay informed about the latest methods cybercriminals are using to trespass your network or fool your users into opening the door themselves. In this article, our experts review CryptoLocker risks, how to address them, and most importantly, how to avoid them.
What is CryptoLocker?
CryptoLocker is a form of ransomware that essentially hijacks a user’s documents and requires the victim to pay (by a specified date and time) to get back their files.
CryptoLocker has been a thorn in the side of businesses for more than 4 years, but the tactics used to trick users into activating the malicious software have become increasingly harder to identify, causing more and more users to fall victim to CryptoLocker every day.
In 2016 alone, ransomware attacks increased by 500% over 2015, and approximately 30 to 35,000 devices were infected resulting in the loss of over $1 billion in ransomware payments to cybercriminals.
CryptoLocker ransomware is generally installed because a user opens a malicious link or attachment. Whenever the user opens the harmful material, all their files will be encrypted and a ransom note will appear on the screen that demands a bitcoin payment for a decryption key to unlock them.
Unfortunately, some cybercriminals fail to keep their promise (surprise surprise) and the user is left with an at-risk network and a lighter wallet, even after paying the requested sum.
What should you do if your device is infected with CryptoLocker?
From our experience, when a user realizes their device has been infected with CryptoLocker, their first reaction is panic.
CryptoLocker is different from other versions of ransomware in that users can still operate their device and access their normal applications, but their files remain inaccessible.
Imagine opening Microsoft Excel to make finishing touches before your meeting with a potential client. You’re likely nervous and in a hurry when suddenly a message appears requesting 2 bitcoins in exchange for access to that important presentation.
If you’re a human with human emotions, you’re probably close to giving these people the keys to your car about now… anything to get your files back before your meeting starts in an hour.
Don’t. Take a breath. Hopefully you have a backup solution in place that you can revert to. If so, contact your IT team to inform them of the issue so they can begin the process of restoring your files.
If your organization does not have a back-up solution in place, still notify your IT team because they’ll want to follow certain protocols.
While it may not feel like the right thing to do, do not pay the ransom.
Malware has transformed into a literal business, operated by a community of interconnected cybercriminals looking to exploit your network vulnerabilities, human or technical.
When users pay the ransom, they’re simply supporting the crime by which they were just victimized. Instead, our experts recommend implementing the solutions and practices described in the following paragraph.
How can you prevent CryptoLocker?
There are technical ways to prevent cybercrime from affecting your business, but they can’t protect all vulnerabilities. Experts recommend a combination of both technical and end-user security measures to keep your network secure.
Of course, your business should have a layered security approach that includes antivirus, anti-malware, and anti-ransomware programs. However, the most dangerous security vulnerability for a company is its users. If an employee clicks on an email link from an unknown sender, it could expose your entire company to a security breach.
Today’s cybercriminals are becoming increasingly clever. Social engineering tactics allow hackers to “trick” users into thinking they’re communicating with a familiar person.
Users often receive an email that appears to be from someone they know. It may request the wiring of funds or divulging of business-critical information. Or you may receive an email about a shipment or a problem with a bank account. While the email may appear valid, there are likely small errors that can reveal it’s fraudulent.
Such emails are often riddled with slight misspellings, capitalization problems, or incorrect branding.
For example, the logo might be outdated, or the last name in the sender’s email address may be spelled incorrectly or not reflect the email address of a legitimate sender
Before responding to a request, contact the sender directly to verify they did in fact send the email. This should be done over the phone or in person if possible.
To reduce your chances of being infected with CryptoLocker, your company should implement the following best practices within your business.
- Regularly update all software
- Implement and regularly update anti-virus, anti-malware, and anti-ransomware solutions
- Install pop-up blockers on all web browsers
- Train your employees to avoid opening links or email attachments with an unusual request or from an unfamiliar sender
- Implement a remote, automatic backup system that’s not connected to the rest of your network (Cloud storage is one option)
- Regularly educate and inform employees regarding the latest social engineering strategies and malware tactics
- Perform regular testing of your data backup solution and data restore process
Cybercriminals often target small to medium size businesses because organizations of this size are known to exhibit security vulnerabilities due to a lack of sufficient resources or end-user education.
Security is not a “one and done” project. Mitigating both the technical and human risks that pervade an organization can prove a full-time job that requires more than just a firewall. If your company is concerned about the safety of your network, bring in an IT professional to assess your IT environment and provide a clear picture of what you need to do to keep your business secure.
At Aldridge, our team of IT professionals can provide the consulting and resources your business needs to reach its potential. Contact an Aldridge representative today to learn more about what your company and its employees can do to prevent a CryptoLocker attack.