Many of us are familiar with malware – software designed to disrupt, destroy or steal data, or gain control of your computer. In many cases, once it’s identified, the problem is an easy one to solve. An antivirus program can remove most forms of malware and get your computer and your business back on track fairly quickly.
Recently, however, a new form of malware has been making headlines, and getting rid of it requires a lot more than simply running an antivirus program or taking a trip to your local computer store. In fact, if you’re not willing to pay hundreds of dollars, this new malware could potentially make all of the data on your computer completely unusable.
Ransom CryptoLocker is a new type of malware referred to as ransomware, and it’s a particularly nasty program. Ransom CryptoLocker most often makes its way onto your computer through a malicious link in an email. Once on your computer, it begins going through all of your files and portable devices and encrypting them.
Once this process is complete, a popup on your computer’s desktop will inform you that you have a certain amount of time, usually less than a week, to pay a ransom to have your files decrypted. If you refuse to pay, the private key that could decrypt your files will be destroyed, and everything that was caught by the CryptoLocker malware will be lost.
This type of malware is a pretty big deal, because there simply aren’t many solutions once the process has started. You can pay the ransom, which can be as much as $300 and is only payable with MoneyPak, Ukash or bitcoins, and have your files decrypted, but you’ll also be playing right into the hands of the scammers, or “letting the terrorists win,” if you will.
You can hope that your backups are recent and unaffected enough to be useful, though any real or virtual drives that are mounted and accessible are targets for CryptoLocker, so if your backups aren’t completely separated from your computer, chances are they got hit as well. Your third option is to start over with a clean installation of Windows and no files, which may be a harsh reality that some people will just have to face.
So, how do you avoid this potentially devastating attack? Bill Rielly, Senior VP of Small & Medium Business for McAfee, had this to say:
“As with any form of malware, the best way to prevent your business’ data from being ransomed is to protect yourself against the attack in the first place. Make sure that you have security software installed on all of your devices, that the software is up-to-date, and educate your employees against clicking any suspicious links. Backing up to a secondary source not connected to your network is also important; CryptoLocker is known to jump from computers to networked drives and taking this step can help restore your files should you become infected.”
Cloud-based and physical backup systems that aren’t constantly connected to your computer, up-to-date antivirus solutions, and a high level of education on the dangers of malware for all of your employees can work together to mitigate threats as much as possible.
Services like McAfee’s ClickProtect can also help keep CryptoLocker from making its way onto your business’ network by scanning links multiple times before allowing pages to load, or by disabling the ability to click on links in emails altogether. You may be doing everything right, but if your new employee falls victim to a malicious link, everyone will pay the price.
As with many things, keeping yourself educated about potential threats as well as the best ways to avoid them, and the best solutions for fixing them when avoidance fails, is the #1 way to make sure your business continues to function at 100%.
For more about this malware, read the McAfee Labs Threat Advisory concerning CryptoLocker.
How the Cycle Works