http://www.avosec.com/cryptolocker-ransomware-prevention
If your company data had been irretrievably lost, what would
you do?
Lately we’ve seen a number of infections with the
Cryptolocker virus. This type of virus is rarely seen, in fact we had never
seen any ransom viruses which effect the customer data, we usually see the type
where its claimed to be a metropolitan alert stating you have visited an viruses
which pop up after logging in and stop you being able to use your computer –
data is left intact and the viruses are easily removed.
The problem with the Cryptolocker virus is that your files
are encrypted with what is reportedly RSA-2048 encryption and it does it on the
sly in the background while you are using your computer without you knowing
anything is happening. Once it’s satisfied most of the files if not all have
been encrypted it will pop up a message on your computer notifying you of the
situation and that you’ll have to pay them to retrieve the files. We do not
encourage anyone to pay these criminals.
We have been lucky in that our customers who have been
effected have regularly changed their backup drives and we have been able to
recover their data stored on the server and reinstalled the affected PC’s. This
is why a good backup routine is so important, we cannot stress this enough.
Our customers have reportedly been infected from opening
email attachments, however we cannot rule out a “web drive by” in which you can
get infected by a site exploiting a weakness in your browsers security, usually
the site owner is unaware they have been compromised. We implore you to be
vigilant when opening attachments, even if it appears to be from someone you
know, if you were not expecting the email check with them to see if they did in
fact send it. Perhaps their email account has been compromised after they had
opened an email attachment?
We are currently reviewing our security practices and
working with our partners to develop better security for our internet and email
customers.