CryptoLocker: threatening to encrypt the IT industry, and they’re not giving you the key
Every day, technology is becoming an increasingly important part of our lives and, like the majority of employees, my business tasks now revolve almost entirely around computers.
As technology evolves to make our lives simpler, we are also opening ourselves up to worryingly sophisticated attacks by cyber criminals.
CryptoLocker is the latest cyber threat holding businesses to ransom, not by deleting files, but by encrypting data. Malware criminals are using CryptoLocker to infect computers and servers by releasing it over the internet and allowing it to slither into your IT systems. Commonly, businesses are infected through phishing emails that appear to come from Companies House and other well-known establishments. Ransomware such as CryptoLocker enables criminals to earn money by offering to decrypt the files in return for anonymous payment via Bitcoin.
Once a computer is infected, CryptoLocker attempts a connection to a remote server, which acts as a remote engine to encrypt data. The encryption specifically targets common business files, including .doc, .eps and .ppt.
CryptoLocker encrypts any documents that it can find, which means that if your user account has administrator privileges, the ransomware will continue to search directories on your PC – and any mapped servers – encrypting files until it is disconnected from the internet.
After the encryption process is complete, the private key used to encrypt data is removed from the PC, rendering the affected files useless. After this, the unknowing victim receives a message from the cyber criminals demanding a payment of $300 to decrypt the data, giving you 72 hours to make a decision. When your time has run out, all of your files are unusable and inaccessible – your business is at a standstill.
During the 72-hour ‘grace period’, the criminals continue to state that any attempt to damage the software, or brute-force the key, will cause them to destroy it from their servers permanently.
Currently, as the encryption seems to be using the AES-256 algorithm, the only way you can retrieve your information is by either restoring it from a copy made at a previous date or paying the ransom. It goes without saying that we DO NOT recommend you pay the fee, as there is no guarantee that the information would be restored and indeed, in doing so, you may be targeted by repeat infections.
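Before restoring from an earlier copy, it helps to know exactly which files were hit. The following is an added example, not part of the original article: a triage script that walks a directory, checks every file with one of the extensions named above (.doc, .eps, .ppt) against the header a healthy file of that type starts with, and uses byte entropy to separate likely-encrypted files from merely odd ones. It assumes affected files keep their original names; the function names, the 7.5 threshold and the sample files are constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Extensions are the ones the article names; signatures are the standard OLE2
# header (.doc, .ppt) and the PostScript / DOS-EPS headers (.eps).
OLE2 = bytes.fromhex("d0cf11e0a1b11ae1")
SIGNATURES = {".doc": (OLE2,), ".ppt": (OLE2,), ".eps": (b"%!PS", bytes.fromhex("c5d0d3c6"))}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    return -sum(n / len(data) * math.log2(n / len(data)) for n in Counter(data).values())

def classify(path: str, sample_size: int = 65536, threshold: float = 7.5) -> str:
    """'ok' if the header matches, else 'likely-encrypted' or 'suspect' by entropy."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if any(head.startswith(sig) for sig in SIGNATURES[ext]):
        return "ok"
    return "likely-encrypted" if shannon_entropy(head) >= threshold else "suspect"

def scan(root: str) -> dict:
    """Walk root and classify every file that has a targeted extension."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in SIGNATURES:
                full = os.path.join(folder, name)
                try:
                    report[full] = classify(full)
                except OSError:  # locked or permission-denied files still get listed
                    report[full] = "unreadable"
    return report

def demo() -> dict:
    """Build a constructed sample tree in a temp directory and scan it."""
    root = tempfile.mkdtemp()
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))  # stand-in ciphertext
    samples = {"a.doc": OLE2 + b"\0" * 4096, "b.ppt": noise,
               "c.eps": b"%!PS-Adobe-3.0 EPSF-3.0\n", "d.doc": b"renamed text file\n" * 50}
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return {os.path.basename(p): verdict for p, verdict in scan(root).items()}

if __name__ == "__main__":
    print(demo())
```

Very small files give a low entropy estimate even when encrypted, so they are reported as "suspect" rather than "likely-encrypted" and should be checked by hand.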
So, what happens if you don’t have a backup, and the criminals don’t restore your data? Simply, your business is dead. It is therefore vital that your company has appropriate Anti-Virus and Malware protection, as well as effective remote site backup, such as the CloudDrive service offered by Nimbox.
Shayne Niemen of Niemen Architects, Leeds, who was targeted by CryptoLocker, said:
“We had no idea what was going on. At first we thought it was a joke or a small virus that we could easily remove, but that wasn’t the case. We hadn’t backed up our machine in a long time, so the infected server was our only copy, holding 15 years of data. We think it made its way into our system through a spam email and our whole business was in the balance.”
Malware attacks are growing at a rapid rate: in the first quarter of 2013, McAfee reported 250,000 unique ransomware samples. CryptoLocker infects around 1000 PCs each day in the UK – experts believe this small number is a ‘dry-run’ before the main attack. Seemingly, akin to IT professionals, the criminals are testing their infrastructure prior to releasing the code. As it is proving to be an incredibly profitable avenue for cyber criminals, this growth is showing no signs of slowing down. The only way to guarantee that you protect your business is by installing up-to-date antivirus software and regularly backing up your data.
Vault from Nimbox offers unique backup protection that includes features such as block-level incremental backup, bandwidth management, seeding, de-duplication and remote recovery.