Are you Prepared for a CryptoLocker Attack?
Listers recently endured a cyber attack from one of the most pernicious web viruses called “CryptoLocker”, also known as “Ransomware”. They had 38,200 files destroyed in just 5 minutes!
Here is a story that is hopefully a welcome warning to help you to avoid the worst effects of such an attack.
It’s estimated that CryptoLocker malware has already infected over a quarter of a million Windows-based computers, and this is expected to rise drastically over the next few months. Ransomware has been around for a long time now, but this latest version has been developed by cyber criminals to bypass most firewalls and spam filters, as it uses genuine third-party cryptography accepted by Microsoft’s own CryptoAPI software. In other words, the criminals have used Microsoft’s own tools to attack its Windows-based systems.
Here’s how it attacks: You get an innocent-looking email with a message reading something like “here’s your order/delivery confirmation”. You open it and… nothing happens. So you carry on with your day as usual. Some time later (days, or even weeks), you turn on your computer and see a screen similar to the one shown here saying that your personal files are being encrypted and that to get them back you need to pay a large amount of money, usually in ‘bitcoins’.
Now you may just try to stop it doing what it’s doing by “turning it off and on again”, but you’ll find that won’t work. In fact, all the time you’re messing about trying to stop it, it’s working away, encrypting and effectively destroying all your files.
Here’s what happened at Listers: We switched on a computer and the Cryptovirus screen appeared. It surprised the member of staff who initially thought it was a joke and asked other colleagues if they had it. Someone quickly called over our IT expert who immediately recognised what it was and promptly unplugged and disconnected the laptop from the Listers network.
Now here is the scary bit: The above actions took just over 5 minutes from laptop on to disconnection. In those five minutes the CryptoLocker virus had destroyed 38,200 files and had jumped to 11 other computers in the business.
Our IT Team then spent the rest of the day, along with a local IT Security Specialist, D2NA, isolating and quarantining each computer and running a specialist program to destroy all traces of the virus. Listers lost a day’s work while this was done; some companies have not been so lucky. One company in Stoke-on-Trent lost 15 years of data; another was closed down for 11 days while the virus was purged.
The Cryptovirus is becoming more prevalent and is constantly adapting to beat firewalls and anti-virus systems, so how should you prepare your business to stay safe?
The answer is twofold:
Firstly, ensure that you enforce a company-wide policy of not opening email attachments or links from senders that you do not recognise or expect. In Listers’ case a single individual failed to do this and the virus attacked.
Secondly, ensure that you have a secure, offsite backup system updated regularly so that when you’ve destroyed the virus (and that may need professional advice) you can restore any destroyed files from the backup. Listers had this in place and were able to restore the 38,200 files destroyed.
Listers were also saved by the very prompt actions of a member of their own IT Team. We hope that this warning will help you to react just as quickly should Cryptovirus attack your business.