Cryptolocker – What is it?

Apr 29, 2019 | Security

Ransomware, Reyptson, Leakerlocker. These are all terms for some of the most common threats to your IT systems.

Before I start and get into the nitty gritty – IT security is a bit like insurance. There’s rarely a need, or a want, to think about the unthinkable scenarios.

The same used to be true for IT security – it was fairly low risk. But that has all changed. 

Why is this?

Well, it’s because Ransomware is spreading and damaging many businesses. You only ever hear about the large security breaches on the news, but ask 10 of your business associates and I can pretty much bet one of them has been hit by this threat.

What does the virus actually do?

It usually infects a PC in the form of a malicious email attachment. The mail attachment looks just like a normal PDF which could be disguised as an invoice or purchase order (or any other attachment).

Once it has been opened, the virus will then encrypt all Word and Excel documents, PDFs, pictures etc. on the PC it infects, rendering the files useless.

It will then search for network drives and go after files stored centrally on any servers you may have, wreaking havoc on shared network drives and departmental files.

Finally, it will display a message on the infected system stating that if you pay a “ransom” then you can have access to your files. The truth is – if you pay you are not guaranteed anything and may end up in a worse situation as the software will capture credit card details.

Prevention is better than cure.


An example of what you may see when dealing with the Cryptolocker virus.

4 key steps for any business to reduce the risk of Ransomware.

1. Raise awareness among staff.

Make staff aware of the threat of files and links from within emails. They might appear to come from a trusted source. If you are not expecting an attachment then check before you open it.

Common sense is key – if you don’t know the person sending the attachment or link then don’t click it.

If you are unsure, then ask your IT provider to inspect the link or attachment.

2. Server side protection, GPOs.

GPO stands for group policy object – your internal IT department or provider should be deploying a set of group policies on your internal servers and computers that restrict the virus’s ability to spread to the network.

3. Email Spam Filter

Does your email have a spam filter? Probably. But does it inspect attachments on emails?

Possibly not. Make sure you have an email protection system in place that can do the job in the background.

It’s a bit like a firewall for emails, inspecting them as they come through for malicious software.
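What "inspecting attachments" means in practice, shown as an added Python sketch that is not from the original post or from any particular mail filter product: it parses a message and flags attachments whose name or content type says PDF while the bytes say otherwise. The function names, extension list, addresses and sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions that run code when double-clicked on Windows (illustrative, not exhaustive).
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".com", ".pif"}


def inspect_attachments(raw: bytes) -> dict:
    """Return {filename: [reasons]} for every attachment that looks suspicious."""
    findings = {}
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        reasons = []
        if suffixes and suffixes[-1] in RISKY_EXT:
            reasons.append("executable extension " + suffixes[-1])
            if len(suffixes) > 1:
                reasons.append("double extension hides the real file type")
        claims_pdf = ".pdf" in suffixes or part.get_content_type() == "application/pdf"
        if claims_pdf and not data.startswith(b"%PDF-"):
            reasons.append("claims to be a PDF but content is not a PDF")
        if data.startswith(b"MZ"):
            reasons.append("content is a Windows executable (MZ header)")
        if reasons:
            findings[name] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed test message: one genuine-looking PDF and two disguised files."""
    msg = EmailMessage()
    msg["From"] = "accounts@supplier.example"
    msg["To"] = "finance@company.example"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please find the invoice attached.")
    pdf = {"maintype": "application", "subtype": "pdf"}
    stub = b"MZ\x90\x00 constructed stub, not a real program"
    msg.add_attachment(b"%PDF-1.4\n%%EOF\n", filename="statement.pdf", **pdf)
    msg.add_attachment(stub, filename="invoice.pdf", **pdf)
    msg.add_attachment(stub, maintype="application", subtype="octet-stream",
                       filename="purchase_order.pdf.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in inspect_attachments(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

Run against the constructed message, it passes `statement.pdf` and flags both `invoice.pdf` and `purchase_order.pdf.exe`.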

4. Check backups are actually working.

If you do get hit by Cryptolocker, the process for recovery is to restore from a backup.

99.9% of all backup systems will send a notification to the IT department / provider to let them know if a backup has been successful or not.

If you’re unsure if your IT department or provider checks your backups, then it’s worth giving them a call to find out.
