You may have seen our earlier warnings about the growing number of incidents involving ransomware known collectively as Cryptolocker. We covered it in two previous newsletter articles: "CryptoLocker Malware: Worst Computer Virus in 10 Years" and "CryptoWall: The Latest in Ransomware and Cyber Crime."
What is Cryptolocker?
This group of malware threatens to hijack your computer or data and hold it for ransom unless you pay the creators of the virus. It spreads through infected email attachments, botnet software already present on infected machines, and unauthorized downloads allowed by outdated browsers. Each time it appears, its name and characteristics change, but it continues to be a serious problem.
How Do the Attacks Occur?
We’ve analyzed these attacks, and here’s what we’ve found:
- Most come from infected zip files attached to emails.
- Most of the rest come from poisoned search results. Those poisoned results, in turn, come from search engines such as Ask.com, which gets installed whenever someone applies a Java update and neglects to uncheck the box that installs Ask (or another search engine) and makes it the default search engine.
- In addition, nearly all are “zero day” attacks. That means the anti-virus/anti-malware tools have not encountered that exact variant before, and therefore do not recognize it as a threat and are unable to protect you against it!
What Protections Exist?
Protecting yourself from the malware attacks takes place on two fronts: prevention and then recovery. To prevent an attack, you must be vigilant when opening email attachments. Carefully scrutinize every email containing an attachment before opening the file. Be particularly careful with zip files. Despite these precautions, you may still get attacked. Therefore, you must have excellent, regularly scheduled back-ups for all data. If you have good back-ups in place, then in the event of an attack you can restore unencrypted versions of your files. Be aware that the recovery process can be frustrating, time-consuming and disruptive.
What Is ECC-IT Doing to Protect Its Clients?
Based on our latest research and problem-solving efforts, here’s what we’re doing about it:
- For our Office 365 subscribers, we implemented a rule blocking emails with zip-file attachments.
- Clients who have our remote monitoring agent installed have additional protection. This tool blocks secondary software from being downloaded by Java updates, and stops add-ons, such as the Ask.com toolbar, from being installed.
- Our anti-virus and anti-malware tools regularly update the definition files used to identify viruses.
- Our Cloud back-up tools provide consistent, scheduled back-ups that greatly facilitate recovery, should it be necessary.
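To illustrate the zip-attachment blocking mentioned in the list above, here is an added example (not ECC-IT's rule and not an Office 365 configuration) of a filter that flags zip attachments by file name and also by file content, so an archive renamed to another extension is still caught. The function names, addresses and sample messages are assumptions constructed for this sketch.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Zip signatures: local file header, and end-of-central-directory (empty archive).
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")


def zip_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment that is a zip by name or content."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if name.lower().endswith(".zip"):
            hits.append((name, "name"))
        elif payload.startswith(ZIP_MAGIC):
            # Catches an archive renamed to another extension.
            hits.append((name, "content"))
    return hits


def should_block(raw_message: bytes) -> bool:
    return bool(zip_attachments(raw_message))


def build_sample(filename: str, data: bytes) -> bytes:
    """Constructed test message with one attachment (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def sample_zip() -> bytes:
    """Constructed in-memory zip holding a single harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for fname in ("invoice.zip", "invoice.pdf"):
        print(fname, zip_attachments(build_sample(fname, sample_zip())))
```

Office documents such as .docx and .xlsx are also zip containers, so the content check flags them too; a real mail rule has to decide how to treat those.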
Why Are We Telling You About It?
- As a courtesy to our customers and newsletter subscribers, we would like to warn and educate you about current pernicious viruses.
- We want this information to be empowering for you. You have options to help prevent getting infected or to minimize its impact if you do.
- We want you to know that we are here to help you. Our managed services subscribers have peace of mind knowing that we already have taken care of their systems. If you are not a managed services customer, then please contact us to see how we can help you.
Contact Us for Questions or Assistance
If you feel that your systems are at risk or already have been compromised, then please contact us immediately so we can assist you. If you just want to have peace of mind, then we will gladly do an assessment of your network infrastructure to check for vulnerabilities and provide recommendations to you.
Call us at 301-337-3100 or email us at firstname.lastname@example.org.