Imagine you sit down at your computer Monday morning, you double-click to open the important spreadsheet that calculates your business revenue when you receive an error that MS Excel cannot open this file because it is corrupt. This sort of issue occurs from time to time as computers and data storage are failable. NEXT, you begin to open a report you were working on and it too does not open due to the same error. Following which, other employees start sending in reports similar to what you are experiencing. Now you know something is wrong.
The next logical step is to contact your IT staff to look into the issue hoping it is a simple fix related to some botched Microsoft update. Here is when you are informed that your company has been hit by the "Cryptolocker" virus. All the files on the source computer and all the files on the server are encrypted rendering them useless. Whats more, the files can only be decrypted by paying a ransom using a modern online currency called Bitcoin.
Wait! What is Bitcoin?
A new digital currency has emerged in the past 5 years called Bitcoin. The key factors that make this a game changer and the Cryptolocker virus possible is that its administration is completely decentralized which enables its next prominent feature, that of anonymity.
This new digital innovation does bring interesting and modernizing ideas to the old concept of money but it also empowers those who wish to make untraceable transactions across the globe.
Now available for Macs!
Your Macs are not safe either. The newest version of this virus is available for installation on your Apple computer. Visit the wrong site, open the wrong email attachment and your Mac can suffer the remote encryption powers deep in the code of the Cryptolocker ransomware.
How it works
The first step is to contract the virus. This is as simple as a small piece of code executing on your computer. This can occur many of different ways by exploiting vulnerabilities to your system or network. The most common of which are able to achieve their goal with an email attachment or a link directing you to a malicious website. There are even reports of flash based ads on legit websites infecting computers.
Once this malicious bit of code has run on your computer, it will reach out to its servers to generate an encryption key which it will use to encrypt all of your files and the files of all the network shares you are attached to. This process usually takes, depending on the amount of data, hours to days.
YOU WILL NEVER KNOW this is happening until the encryption process has completed and you are unable to access the files. This is when the virus displays a large visible message on your screen informing you that your files are encrypted and that a sum of money in the form of Bitcoin is required in order to decrypt your files. There is also a countdown, a time limit before the ransom price increases. Furthermore, if you let the second deadline pass, the key is deleted and your files are lost forever. You will also likely find new files littering your desktop and all other folders that have names like HOW_DECRYPT disclosing instructions on how to pay the ransom.
How can we protect and prevent?!
The only guaranteed protective measure against ransomware is to maintain rock solid backups. The best of which will sustain an offsite copy of your backups. However, this should still only exist as your last resort. It is not only a hassle to restore your entire data share from backups but it takes time and therefore money and productivity from the company. Furthermore, it is not likely you keep backups of every single computer in your network, and I am sure there is some document on the desktop of the infected computer that cannot be reproduced.
So let's consider preventative measures. The first, and most important method is user education. The most up-to-date operating system and antivirus software cannot protect against zero day vulnerabilities. These are security holes found by hackers that have never been revealed to the public or to the manufacturers. They are essentially being saved for the proverbial rainy day. NOTE: Watch for future posts on web surfing and email safety.
Next in line to keep you safe and which is immensely significant is software and operating system updates. This is where a majority of those vulnerabilities are found. Your operating system, usually being Windows should always have the latest updates installed. And any third party software, Java, Adobe products, Firefox, etc. should all maintain the latest updates. These updates often contain fixes to newly discovered security flaws. Flaws which go un-patched are the highest risk to your network. These systems are what the developers of viruses rely on to breach your systems.
Another method that can assist with ransomware prevention is web filtering. We can maintain a database of known malicious URLs and IP addresses and block you from accessing them. This can prevent you from either downloading the code or in the case of email, and where the code has already executed, prevent that code from reaching out and creating the encryption key needed to encrypt your files.
There are other more technical techniques that can be used to protect your systems, some of which include, updated antivirus, firewall hardening, user access control, software execution policies, etc., etc.
Jeremy Sonntag - NetCertPro