A new type of malware is being spread through emails and infected websites. It is called Crypto Locker and is especially dangerous as it works differently than most viruses.
Background: A computer that gets infected with CryptoLocker will mass encrypt (lock) all accessible user files and then display a Ransom Message requiring you to pay $300 to $2,000 within 72 hours to unlock your files. Practically speaking, the only way to get files back is to restore them from a recent backup taken just before the infection or to pay the ransom to the bad guys.
Usually, threats of this nature are quickly eradicated and prevented by updates to your anti-virus package, Microsoft Windows and/or Firewall. Not so with CryptoLocker! It is cleverly written and constantly changes so that new variants elude normal defenses.
Advisory: I recommend a total review of your preventive measures ASAP to make sure that it is cohesive and includes at least the following capabilities:
- Educate your users about the seriousness of this threat and instruct them to:
a. Do not download files or click links in unfamiliar emails or web pages;
b. Store data only on disk drive locations that are being backed up regularly.
c. Do not bring in data on USB drives from untrusted sources.
- Insure that all systems have the latest security patches applied for Microsoft Windows, Java, Anti-Virus, etc.
- Implement email filtering, web filtering & web reputation defenses.
- Implement a quality business-class firewall with up-to-date security subscription to prevent executable programs from being downloaded.
- Configure PC’s and Servers to inhibit the behaviors of this threat.
- Implement role-based folder permissions so that an infected PC can’t damage all other user’s files.
- Implement a reliable backup system with archives from which to recover both servers and PCs quickly if infected.
The real danger to business users is that one PC on the network with the Crypto Locker virus can lock every file on the file server that they have access to! And Crypto Locker continues to work in the background without the user even knowing that they are infected. And if the file server gets infected, it will lock every file in the sttached backup as well.
A few things to protect your data now include:
- Cold-Backups. These are backups that are stored off-site and not connected to a target PC. Several USB drives or thumb drives can be used for this.
- Cloud Backups. Implement cloud-based backups like CrashPlan, Carbonite, or Mozy and make sure versioning is turned on. This maintains earlier versions of files so you can go back-in-time to restore uninfected files.
- Safe Browsing. This goes without saying. Stay out of the seedy-side of the net.
- Safe Email. Never open an attachment from an email that is suspicious. Even if the email is from someone you know, be cautious. Their PC could be infected and is sending you a virus.
- Email Filtering. Use a service like McAfee SaaS to pre-filter all email before it gets to your mailserver. This usually costs several dollars per month per user.