Posted on January 28th, 2014 by Stacy Gianakura
Encryption can prevent unauthorized individuals from accessing sensitive data, but the authors of CryptoLocker, a relatively new form of ransomware, are using it to prevent users from being able to access their own files. Companies that find they have been infected with this malware are given a notice that they have 96 hours to pay two Bitcoins, currently valued at approximately $300, or the key that decrypts their files will be destroyed. If this happens, the files are essentially lost forever.
There are a variety of reasons that CryptoLocker has been so successful, at least from the point of the individuals running it. CryptoLocker installs itself onto computers when someone opens a file that appears to contain shipping information. Disguised as a PDF, the file is an exe that installs the malware onto computers and begins encrypting files. It first debuted near the end of 2013 when large numbers of people were sending and receiving shipments, bypassing most people’s normal wariness about opening email files.
Along with an incredible infection rate (it is estimated that more than a quarter million PCs have been infected) CryptoLocker takes advantage of Microsoft’s CryptoAPI, so decrypting the files without a key is almost impossible. It is also not likely that the perpetrators are going to be caught any time soon. Since they are demanding payment in the form of Bitcoins, they are effectively anonymous. This is not to say that a way to decrypt files will never be found or that the individuals responsible will never be found, but most experts consider these events unlikely, at least in the near future.
Due to the fact that many in the IT field believe that CryptoLocker will begin showing up in emails that appear to be from major merchandisers such as Amazon, it is important that businesses are proactive about preventing infection. With Pyramid Technology Services, Managed IT, you can secure your company’s files through a two pronged approach: protecting your computers from infection and data backups.
Pyramid Technology Services can provide virus and malware protection by ensuring that your firewalls and security protocols are up-to-date, and if you don’t have them already, we can provide them. Automated and regular scans help to ensure that even if an infected file does slip past active monitoring services, it will be detected by an in-depth scan. We also provide automated operating system updates which patch known holes that hackers exploit.
In the event that your files do become compromised, either due to CryptoLocker or another unexpected event, our regular backups of your files will ensure that you don’t lose any data. A combination of off-site backups and regular testing by Pyramid Technology Services means that your files are safe, irrespective of how the initial data was lost.
Written by: John Cappello, Director of Technical Services, Pyramid Technology Services
Value. Expertise. Trusted IT Partners.