Cryptolocker has been a serious threat since 2013. Until now there have been just a few options available to prevent your system from being attacked. NovaStor’s new whitepaper explains why the Cryptolocker malware is so dangerous and how you can protect your business-critical data, guaranteed. This blog article gives a brief overview of the content and shows you where you can get the full whitepaper.
Nowadays Cryptolocker is a cursed word like Voldemort, Bloody Mary, or Beetlejuice. Just don’t say it out loud and definitely not three times in a row! With new versions coming out faster than you can say the name, it is more important than ever to be very careful with this type of malware. NovaStor’s whitepaper about Cryptolocker (and every subtype) explains how to protect yourself against a malware attack and what to do in case all prevention was useless.
What is Cryptolocker?
Introduced in 2013, Cryptolocker is ransomware that encrypts certain file types on Windows operating systems including Windows XP, Vista, 7, and 8. The first versions changed only a few types of files, but nowadays even backup images are no longer safe. Cryptolocker infiltrates through a harmless-looking email, and the newest versions even hide in iFrame code or Flash applications on websites. Once in, it immediately starts to encrypt all your files and ‘demands a fine’ in order to decrypt them. What makes it so dangerous is that it doesn’t stop at the limits of a hard drive, but reaches out to every niche in the local network. The attack lasts for a few seconds, maybe minutes, but the results are tremendous. Every mapped network or USB drive, every workstation, laptop, and server in the network is encrypted using a public key, and a private key is needed to access the data again. That private key is located on the criminal’s servers and will be sent only if you pay the fee.
What can you do to prevent an attack?
There are several options to prevent your system from being attacked. We understand that not all options are feasible for your environment, but the more ideas you get, the more likely you’ll find one that is implementable.
- 1) It is very important that everybody in your company knows about the potential risk. Regular reminders, short presentations, or even handouts that explain the way Cryptolocker shows up and what type of emails to avoid can help build awareness of it. Also encourage them to talk with the responsible sysadmin first, before installing any kind of software. The latest trend was a Cryptolocker dressed up as a Windows 10 installer.
- 2) Reduce the user rights on public network drives to ‘read only’, if possible. To avoid discussion with colleagues about how trustworthy you think they are, it is better to restrict their rights in the first place and increase the level later on, if needed.
- 3) Disable AutoPlay to stop .exe files from starting automatically on every server and workstation, laptop, or other Windows machine in your network.
- 4) Not all Anti-Virus solutions detect Cryptolocker. Make sure your company is using one that is able to detect the current versions and has a proven success record of implementing updates fairly quickly.
- 5) Deploying a software restriction policy can prevent Cryptolocker from ever running. The challenge with deploying a blacklist is that you have to constantly update your list. Cryptolocker started out using %AppData%\*.exe and %AppData%\*\*.exe only, but is now leveraging several other file paths to infiltrate the system. A whitelist instead blocks everything that is not used by your colleagues on a regular basis.
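The blacklist/whitelist difference from item 5, as an added example that is not part of the original article or the whitepaper: a small Python model that evaluates constructed launch paths against the two %AppData% deny rules and against a default-deny list of approved directories. The user name, the approved directories, the sample paths and the rule that `*` stays within one path component are all assumptions made for illustration.

```python
import ntpath
import re

# Constructed environment and policy for illustration.
ENV = {"AppData": r"C:\Users\alice\AppData\Roaming"}
DENY_RULES = [r"%AppData%\*.exe", r"%AppData%\*\*.exe"]  # the two paths named in item 5
ALLOW_DIRS = [r"C:\Windows", r"C:\Program Files"]         # assumed approved locations

def rule_to_regex(rule):
    """Expand %VAR% and compile a rule; '*' stays inside one path component (assumption)."""
    for name, value in ENV.items():
        rule = rule.replace(f"%{name}%", value)
    pattern = r"[^\\]*".join(re.escape(part) for part in rule.split("*"))
    return re.compile(pattern + r"\Z", re.IGNORECASE)

def blacklist_decision(path):
    """Default allow: block only what a deny rule matches."""
    path = ntpath.normpath(path)
    return "block" if any(rule_to_regex(r).match(path) for r in DENY_RULES) else "allow"

def whitelist_decision(path):
    """Default deny: allow only executables under an approved directory."""
    path = ntpath.normpath(path).lower()
    ok = any(path.startswith(d.lower().rstrip("\\") + "\\") for d in ALLOW_DIRS)
    return "allow" if ok else "block"

def blacklist_gaps(paths):
    """Launch paths the blacklist lets through although the whitelist would stop them."""
    return [p for p in paths
            if blacklist_decision(p) == "allow" and whitelist_decision(p) == "block"]

# Constructed launch paths (not taken from real incidents).
SAMPLE_LAUNCHES = [
    r"C:\Users\alice\AppData\Roaming\invoice.exe",
    r"C:\Users\alice\AppData\Roaming\Updater\run.exe",
    r"C:\Users\alice\AppData\Local\Temp\setup.exe",
    r"C:\Users\alice\Downloads\Windows10Installer.exe",
    r"C:\Program Files\Office\winword.exe",
]

if __name__ == "__main__":
    for p in SAMPLE_LAUNCHES:
        print(f"{blacklist_decision(p):5} {whitelist_decision(p):5} {p}")
    print("blacklist gaps:", blacklist_gaps(SAMPLE_LAUNCHES))
```

The two paths reported as gaps are exactly the ones a blacklist needs a new rule for, while the whitelist blocks them without any update.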
To be continued…
Download the entire whitepaper here and enjoy further insights into Cryptolocker, more methods on how to prevent your system from being attacked, and learn why NovaStor DataCenter is the best backup solution to protect your business-critical data! NovaStor DataCenter to the rescue!