Monday 28 October 2013

CryptoLocker virus

I was asked by our Managing Director this last week to write a blog article about the CryptoLocker virus, as we've had to deal with a number of cases recently and have fully recovered from it without having to pay the ransom fee. Another article worth reading (after reading mine, of course) is this one; it makes some points worth considering, and we came across it after dealing with the latest case:

If your company data had been irretrievably lost, what would you do?
Lately we’ve seen a number of infections with the CryptoLocker virus. This type of virus is rarely seen; in fact, we had never seen any ransom viruses which affect the customer data. We usually see the type where it’s claimed to be a metropolitan alert stating you have visited an viruses which pop up after logging in and stop you being able to use your computer. With those, data is left intact and the viruses are easily removed.

The problem with the CryptoLocker virus is that your files are encrypted with what is reportedly RSA-2048 encryption, and it does this on the sly in the background while you are using your computer, without you knowing anything is happening. Once it’s satisfied that most, if not all, of the files have been encrypted, it will pop up a message on your computer notifying you of the situation and that you’ll have to pay them to retrieve the files. We do not encourage anyone to pay these criminals.

We have been lucky in that our customers who have been affected have regularly changed their backup drives, and we have been able to recover their data stored on the server and reinstall the affected PCs. This is why a good backup routine is so important; we cannot stress this enough.

Our customers have reportedly been infected from opening email attachments. However, we cannot rule out a “web drive-by”, in which you can get infected by a site exploiting a weakness in your browser’s security; usually the site owner is unaware they have been compromised. We implore you to be vigilant when opening attachments, even if they appear to be from someone you know. If you were not expecting the email, check with them to see if they did in fact send it. Perhaps their email account has been compromised after they had opened an email attachment?

We are currently reviewing our security practices and working with our partners to develop better security for our internet and email customers.
