We have had a small number of our clients get hit by Cryptolocker. Cryptolocker is a form of ransomware Trojan. The virus that does the encrypting is easily removed, but it’s the restoring of the files that takes all the time.
It normally spreads two ways.
- You get an email from Australia Post saying you have missed a delivery and asking you to click a link. If you do, you will run the virus and it’s game over.
- The second way it can spread is through an existing botnet.
No matter how you get it, once you get it you have little time to minimize the damage. If you do click the link and nothing happens, and you’re thinking about this blog in the back of your mind: STOP THINKING AND PULL THE POWER PLUG OUT THE BACK OF THE COMPUTER STRAIGHT AWAY.
This virus works by using a form of RSA public-key cryptography. It goes around encrypting all of your most important files: pictures, PDFs, work documents, databases, MYOB files etc. Once they are encrypted it holds them for ransom, hence the name ransomware. It will normally ask you to pay in bitcoin, and the larger the company and the more files it encrypted, the larger the ransom is. It encrypts everything it can get to, even files on the server or on other computers.
The problem here, apart from supporting this, is that there is no guarantee that once you pay you will get your files back. There is no helpdesk number to call to say “I didn’t get my files back”. There have even been some badly written versions that forgot to save the decrypt key altogether, and lots of cases where it only got back 20% of the files because it hit a problem on the decrypt and just stopped; again, there is no helpdesk to get it to restart.
In June last year the FBI issued a Public Service Announcement warning about this new form of financial extortion. They also stated that just from April 2014 to June 2015 more than 18,000,000 was extorted from victims.
So this is the problem. What can we do about it?
- BACKUPS BACKUPS BACKUPS. I can’t stress this enough: please make sure all your backups are working and that you’re backing up what you think you’re backing up. Here at Sky Comm we recommend having both an onsite backup, like a NAS or a tape, and a cloud-based backup. It’s also very important to test and review the backups once a quarter: make sure the files you think are there are there, and check how long it would take to get them back. You can always ask one of our technicians to come in and do this for you, but please make sure this happens. Ask yourself “what would happen if you lost EVERYTHING?”: all financial details, all backups, all Genie databases, all client files and records. 9/10 companies that have this happen without proper backups fail within a year of this kind of catastrophe.
- DON’T CLICK emails you don’t know about from Australia Post, the ATO etc. They don’t send emails, so delete them straight away.
- This is for all viruses and malware in general: keep your servers and desktops up to date. A lot of them are older versions that Microsoft has already patched. If you have a monthly plan with server maintenance with us, we will look after this patching for you on the servers.
- Have a good anti-spam. This can help a lot, although it’s a cat and mouse game. Office 365 helps almost eliminate this email; I personally haven’t had one since I moved my email services to them.
With all this in mind, please take care with emails, even from people you do know. Never click any links in any email, make sure your backups are what you think they are, and make sure your security is up to date.
If you have any questions, please don’t hesitate to call us today on +61 8 6189 1080 to make an appointment, or make some time to make sure you’re as protected as you can be. A few hours of planning can save your practice later.
PS: yes, Cryptolocker can infect Macs too.