As if we needed more reasons to back up our precious data, along came the dreaded CryptoLocker ransomware.
This 'nasty' encrypts all data files it is able to access, making them unusable unless and until a ransom is paid to get the decryption key. Since there is currently no way to decrypt files encrypted by this malware without paying the ransom, if your computer were to become infected, you're going to need that backup in order to get your files back after the infection is cleaned up. But wait, there's more...
CryptoLocker will attack all data files it can find on the local hard drive, and any connected drives, whether a USB connection or connected across the network, where there's a drive letter mapped to it.
This means that a CryptoLocker infection could encrypt your backup if it's on a USB drive, or files on USB sticks or thumb drives, camera memory cards, and colleagues' or family files on another computer.
Prevention?
Consider for a moment how CryptoLocker is spread...
Typically, the infection arrives through emails sent to company email addresses pretending to be customer-support related messages from shipping companies - FedEx, DHL, UPS, etc. The emails carry a zip file containing what appears to be an innocuous PDF file, but which is actually an executable EXE file. Windows hides known file extensions by default, so the file would be listed as, say, FORM_12345 or FORM_12345.pdf rather than as FORM_12345.exe or FORM_12345.pdf.exe. Combine that with a PDF icon, and the deception is complete.
More recently, it was reported that CryptoLocker may also arrive as a secondary infection, introduced by the Zbot malware.
Marshalling the defenses...
Pay special attention to email with attachments which you weren't expecting, or from people you don't know well, and don't open attachments without first virus scanning them. Likewise, don't open Twitter links and attachments from people you don't know or trust, and exercise caution when clicking on ads.
If your antivirus software has real-time scanning capability, make sure it's turned ON.
Routinely scan your computer for malware and remove it, lest it download other infections.
Keep your software (operating system, applications, antivirus, etc.) up to date - pay special attention to frequently exploited software such as web browsers, Java, Adobe Reader, and Adobe Flash, as well as the operating system itself.
Make regular backups, and keep them safely offline, i.e., disconnected from your computer, and DON'T connect to them unless you know your computer is 'clean'. Using a USB drive to back up? You may want to get a second unit and alternate them... Or better yet, this would also be a good time to consider buying a 'cloud' based backup with 'versioning', which lets you recover multiple versions of a file, so that you could restore the copies backed up prior to the infection, should it happen.
Create 'software restriction policies' in Windows to block executable files from being 'run' from certain folders - instructions are on the web, but you may need IT support to assist you with that. For more information, read Oregon State University's article on CryptoLocker, and consider running the CryptoPrevent tool linked there.
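As an added illustration (not part of the original post or of the CryptoPrevent tool), this PowerShell script writes the registry entries behind the 'software restriction policies' described above, so that executables cannot run from user-writable profile folders. The folder list is an assumption, not something the post specifies; run it as Administrator and log off and on again for the rules to take effect.

```powershell
# Added example: Software Restriction Policy (SRP) path rules via the registry.
# Level 0 = "Disallowed"; 0x40000 = "Unrestricted" (the default for everything else).
$saferRoot     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$disallowedKey = Join-Path $saferRoot '0\Paths'

# Assumed folders to protect (adjust to your environment). Windows expands the
# %...% variables per user when it evaluates the rule; '*' matches one path component.
$blockedPaths = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',
    '%LocalAppData%\*\*.exe',
    '%Temp%\*.exe'
)

# Create the SRP root with "Unrestricted" as the default level, so only the
# explicit Disallowed rules below block anything.
New-Item -Path $disallowedKey -Force | Out-Null
New-ItemProperty -Path $saferRoot -Name DefaultLevel       -Value 0x40000 -PropertyType DWord -Force | Out-Null  # Unrestricted
New-ItemProperty -Path $saferRoot -Name TransparentEnabled -Value 1       -PropertyType DWord -Force | Out-Null  # enforce for EXEs, skip DLLs
New-ItemProperty -Path $saferRoot -Name PolicyScope        -Value 0       -PropertyType DWord -Force | Out-Null  # all users, admins included

# One subkey per rule, named with a fresh GUID, holding the path and flags.
foreach ($p in $blockedPaths) {
    $ruleKey = Join-Path $disallowedKey ('{' + [guid]::NewGuid().ToString() + '}')
    New-Item -Path $ruleKey -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name ItemData    -Value $p -PropertyType ExpandString -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name SaferFlags  -Value 0  -PropertyType DWord        -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name Description -Value 'Block EXE in user-writable folder' -PropertyType String -Force | Out-Null
}

# Verify: print the Disallowed path rules now in place.
Get-ChildItem $disallowedKey | ForEach-Object { (Get-ItemProperty $_.PSPath).ItemData }
```

Blocked launches are logged in the Application event log (source SoftwareRestrictionPolicies, event ID 865), which is a handy place to check whether a legitimate program has been caught by the rules.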
Using a Mac or Linux? Then CryptoLocker is not such a big deal, unless you're also running Windows on that machine (e.g. with Boot Camp, Parallels, VMware, VirtualBox) with access to your data files, in which case those files are at risk too.
- Patrick's blog