The threat of your company experiencing a malware attack is real! BlackInk IT urges companies to be prepared with measures to avoid a cyber-attack or to recover files in the event of one. One current example of a malware cyber-attack that is causing significant data loss for companies that are not prepared is “CryptoLocker”, also known as “Ransomware”. Leveraging both computer system and human vulnerabilities, cyber attackers gain access to machines and maliciously encrypt the data (covering file types such as images, documents and spreadsheets), and then demand that a ransom be paid to the creator of the malware in order for the system’s files to be restored. The malware uses advanced cryptography, so there is currently no malware repair solution that will recover your scrambled files once it has triggered. BlackInk IT wants all computer users to take the threat seriously, as the CryptoLocker malware does not discriminate; it targets any unsuspecting victim, regardless of company, industry, or employee role.

What is CryptoLocker?

CryptoLocker is a malware program, released around the beginning of September 2013, that targets all versions of Microsoft Windows, including Windows XP, Windows Vista, Windows 7, and Windows 8. This malware will encrypt files using a variety of encryption methods. If you are infected, it will encrypt ALL files that you have access to. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer that gives you 72 hours, or 4 days, to pay the ransom; otherwise it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted. There is no other way to recover the files once they are encrypted; at this time, only a restore from off-site backup or paying the ransom will allow you to use your files again.

 

Example CryptoLocker payment screen

How does the threat (CryptoLocker) get in?


According to Sophos Labs, an industry leader in information security, the two main infection methods are via email attachments and via botnets. The email cyber-attacks can be avoided by not opening attachments you were not expecting or that come from people you do not know well. Per Sophos, infection via a “botnet” is different: “The crooks are using the fact that you are already infected with malware as a way to infect you with yet more malware. That’s because most bots, or zombies, once active on your computer, include a general purpose ‘upgrade’ command that allows the crooks to update, replace, or add to the malware already on your PC.” Therefore it is important to keep your anti-malware protection current and to take action on any infections that are detected.

How to avoid a data threat or loss?

BlackInk IT encourages companies to take the following steps to minimize the risk of a major loss of data from a disaster or from an infection with malware such as CryptoLocker.

  • Have a backup and recovery strategy for all critical files and applications in your company, and regularly test that the backups are working. Make sure the backups are stored off-site.
  • Stay patched; keep your operating system and software up to date. A managed service is one of the best ways to ensure all the corporate systems are patched and software is up to date.
  • Utilize a service to scan all email before it gets to your server.
  • Protect your network with a firewall that performs intrusion detection and scans for malware at the firewall.
  • Make sure your anti-malware subscription is active and up to date.

Even with all of the proper defenses in place, there is still a threat. Common sense is the best defense against email-based attacks. Be suspicious of ALL email. Do not open attachments or links you were not expecting, and verify with the sender that it is a legitimate email before opening the attachment or following a link. Many malicious attacks come disguised to look very legitimate. They may appear to come from coworkers, friends, business partners and associates. Treat every email like it is a threat.

Do not rely on cloud synchronization services as a backup strategy. These services do not replace a proper backup of your data; services like Dropbox that automatically synchronize your data will only propagate errors rather than defend against them.

Are You Prepared?

Our mission at BlackInk IT is to help clients be prepared and to take preventive action to minimize the potential risks of an infection. New threats are being unleashed continually and therefore the actions outlined in this blog provide a starting point for preparation.

About BlackInk IT

Founded in 1993, BlackInk IT is a privately-held corporation headquartered in Indianapolis, Indiana. BlackInk IT is known as a leader in solving complex business problems using a suite of Information Technology (IT) services including Managed IT Services, Consultation, and Business Application Services that allow our customers to focus on running their core business.  Leveraging best-in-class technology, experience and insight to deliver business strategies and efficiencies, BlackInk IT tailors their solutions to meet each client’s unique business and technical needs. A pioneer in Managed Services, BlackInk IT currently serves small to mid-sized companies with additional expertise in industries including accounting, life science, legal, professional services, government, education, insurance and healthcare. For more information about BlackInk IT, visit http://blackinkit.com