Arm yourself against CryptoLocker, CryptoWall ransomware with data backup

Malicious software can spread like wildfire on the Internet and encrypt your organisation’s files, leaving them locked unless you pay a ransom. But you can thwart these cyber crooks by keeping your data backed up at an off-site location.

CryptoLocker and CryptoWall can take over your data before you know it

A nonprofit organisation was in for an unpleasant surprise when 75 gigabytes of its data were encrypted, all in just 55 minutes. Ransomware known as “CryptoWall version 2.0” had infiltrated one of its administration workstations without anyone noticing. Seven servers were at risk of loss unless the organisation paid a ransom of $500 to get the decryption key. Although the organisation had backups, a full system restore would have taken days to complete. The organisation therefore opted to pay the price in bitcoin. Once the group had the decryption tool, it took another 18 hours before all 75GB of data were restored.

This could happen to your business too, but there are steps that you can take to prevent it. Before you take them, you need to know what you are up against. Malicious software identified as Troj/Ransom-ACP can hold your data captive until you pay money for it to be restored.

One malware of this kind is CryptoLocker, which is classified as a Trojan horse because it can penetrate computer systems undetected. It can enter your computer through email attachments or through a botnet, which delivers it when your system has already been compromised with malware. Once it is inside, CryptoLocker encrypts document files on your hard disks, shared networks and cloud networks. It then connects to a public server that generates a public-private key pair. The public key is sent to your computer, but the hackers who operate the malware keep the private key, which is the part needed to decrypt your files. They will only provide it to you in exchange for a ransom, which can be paid in bitcoin or MoneyPak. These cyber crooks also install a clock on the desktop that counts down from 72 hours as the time limit, pressuring you to pay within the prescribed time. If you do not agree to their terms, they often destroy the key, causing the permanent loss of your files.

The perpetrators behind CryptoLocker, and behind another type of malware as well, were taken down in late May of 2014. Moreover, researchers from FireEye and Fox-IT were able to get hold of the private decryption keys used in the CryptoLocker scheme and help victims restore their files.

Unfortunately, it did not end there. After CryptoLocker, malware of the same strain emerged, known as CryptoWall 2.0. It is known to attack computers through infected online advertising channels on trusted websites. Hackers embed the malware in ads so that they can infiltrate the computers of users even if they have not clicked on anything. Meanwhile, the malware slips past advertisers unnoticed, owing to the many rigorous stages of the advertising process. These malvertising campaigns can be seen on websites such as Yahoo, The Atlantic and AOL.

The malicious software looks for a point of weakness in the user’s Flash player and other browser plug-ins, and then stages its attack. Aside from this, CryptoWall also uses a botnet to send infected email attachments, which expands its capacity to infect computers. Unlike CryptoLocker, this malware only encrypts audio and video files, and it takes ransom payments in Bitcoin only.

To make matters worse, both CryptoLocker and CryptoWall have undergone developments that make them more destructive. CryptoLocker has evolved from a Trojan horse into a worm, allowing it to replicate itself. The malware can now spread through removable drives, and it can disguise itself as an activator for programs like Adobe Photoshop and Microsoft Office on file-sharing sites. CryptoWall, on the other hand, has shifted from HTTP to Tor, which makes it more difficult for researchers to track it down.

CryptoLocker has struck over 20,000 computers in Australia, leading some of the victims to pay the ransom. The cyber crooks behind it have become savvier, posing as legitimate sources like Australia Post and the Australian Tax Office to make people open emails with infected attachments. In fact, the ABC had to go off the air for 30 minutes due to an invasion of ransomware. This prompted ABC to transfer its broadcasting operations from Sydney to Melbourne. The staff of the news agency had been deceived by fake emails from Australia Post.

With reports like these, it may seem as though there is no way to escape ransomware attacks. But there is always a way out. All it takes is a bit of vigilance, and backing up your data to protect yourself from this destructive software and those behind it.

So what can you do?

Since these types of malware attack your computer systems without your knowledge, the best way to thwart their schemes is to implement periodic backups of your data. You should also keep an alternate store of information off-site, to further guard against invasion. This means using storage devices that are offline, or simply those that are not hooked up to your computer. Your backup should have three copies for maximum security. Good candidates for offline storage include USB external hard drives, or recordable DVDs for data that does not need frequent updates.
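The following Python script is an added example, not part of the original article and not related to any product named here. It records a SHA-256 manifest when a backup is taken and later checks each copy against it, so that a copy whose files have been altered or removed is noticed before you depend on it for a restore. The copy names, file names and file contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

REQUIRED_COPIES = 3  # the article's recommendation: keep three copies

def manifest(root):
    """Map each file path (relative to root) to the SHA-256 of its content."""
    root = Path(root)
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def verify_copies(reference, copies):
    """Return (names of intact copies, {copy name: missing or altered files})."""
    intact, problems = [], {}
    for name, root in copies.items():
        current = manifest(root)
        # A file is bad if it is absent or its digest differs from the manifest.
        bad = sorted(f for f, digest in reference.items() if current.get(f) != digest)
        if bad:
            problems[name] = bad
        else:
            intact.append(name)
    return intact, problems

def demo():
    """Constructed sample: three copies, one altered after the backup was taken."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        files = {"accounts.csv": b"id,amount\n1,500\n", "docs/plan.txt": b"restore plan\n"}
        copies = {}
        for name in ("local-disk", "usb-offline", "off-site"):  # hypothetical names
            root = tmp / name
            for rel, data in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(data)
            copies[name] = root
        reference = manifest(copies["usb-offline"])  # manifest saved at backup time
        # Simulate the always-connected copy being overwritten with unreadable data.
        (copies["local-disk"] / "accounts.csv").write_bytes(b"\x8f\x02\xaa unreadable")
        intact, problems = verify_copies(reference, copies)
        return intact, problems, len(intact) >= REQUIRED_COPIES

if __name__ == "__main__":
    print(demo())
```

Keep the manifest itself with the offline copy, since a manifest stored next to a connected copy can be altered along with it.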

You can also ensure secure backup and recovery for your data through SecureDR. This solution offers off-site and real-time backup for your information, depending on the level of protection that you need. Your server can be stored on a local SecureDR appliance, or your data can be duplicated at the company’s Data Centres. In this way, you can insure your business against the costly loss of vital files and discourage these crooks from making money off your establishment. You may also ramp up security by minimising browser plugins and providing security training for your staff so that they will recognise potential malware in your system.

With the proliferation of this malware, there’s nothing wrong with taking a multi-faceted approach to data security and protection. Certainly, you will not want to abet these criminals in their schemes. Through these measures, you can stay one step ahead of these crooks while keeping your business safe and sound.