What is “Cryptolocker” and other Ransomware

You've probably heard of Cryptolocker. Your business may have even been affected by it. Even government services have been hit. Cryptolocker is a type of malware that is classified as "ransomware". Basically, it infects your computer and asks (or demands) that you pay to have it removed. Ransomware goes all the way back to 1989, when a virus called "AIDs Ransom" was written by an allegedly mentally ill professor. It encrypted a victim's file names and asked for payment before the virus would be removed. This ransomware was distributed via floppy disk sent by mail. Since then, ransomware has come a long way, and the release of Cryptolocker brought it back to the forefront.

Cryptolocker was released in 2013, and since then the FBI and Interpol have effectively shut it down. That hasn't stopped copycats: CTB-Locker, Krotten, CryptoWall, TeslaCrypt/AlphaCrypt, etc. Each of these viruses will encrypt the files on a computer as well as on any network drives, then demand anywhere from $75 to $800 (or more) in ransom. Some businesses and individuals were forced to pay these ransoms since they had no other way to recover their data.

AlphaCrypt

This is the popup displayed after AlphaCrypt has encrypted user files. It's similar to Cryptolocker.

These viruses get onto a computer network most often via email attachment.  They disguise themselves as .ZIP files or even as .SCR files (screen savers).  When an unsuspecting user opens one of these attachments, the encryption process begins.  Once the encryption process is complete, the victim will see a popup like the one to the right.

To prevent ransomware from infecting any computer network, there needs to be a multi-layered approach to security.  Since these infections usually originate from email attachments, the email service needs to have robust antivirus protection as well as the ability to block certain attachments.  The computers on the network also must have an enterprise-class antivirus solution.
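As an added example (not part of the original post), here is one way a mail gateway check could flag the attachment types described above: it reads attachment names from a message, including the names of files inside .ZIP archives, and reports blocked extensions. The extensions other than .scr, the function names and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# .scr comes from the post; the other extensions are an assumed blocklist.
BLOCKED_EXT = {".scr", ".exe", ".js", ".vbs", ".bat", ".cmd"}


def risky_name(name):
    """True if the name ends in a blocked extension (also catches invoice.pdf.scr)."""
    return any(name.lower().rstrip(". ").endswith(ext) for ext in BLOCKED_EXT)


def scan_message(raw_bytes):
    """Return (attachment, reason) findings. Zip members are only listed, never extracted."""
    findings = []
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if risky_name(name):
            findings.append((name, "blocked extension"))
        elif name.lower().endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        if risky_name(member):
                            findings.append((name, "contains " + member))
            except zipfile.BadZipFile:
                # Named .zip but not a valid archive: report it so it can be held.
                findings.append((name, "unreadable zip"))
    return findings


def build_sample(filename, payload):
    """Constructed message with one attachment (sample data, not real mail)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()


def zip_with(member):  # constructed in-memory zip holding one placeholder file
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    return buf.getvalue()
```

Calling `scan_message(build_sample("docs.zip", zip_with("photo.SCR")))` returns one finding for the archive, because the match is case-insensitive and looks at the names inside the .ZIP file.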

There must also be a robust backup and disaster recovery solution in case an infection slips through. The latest reports from anti-virus firms and other tracking companies show that the ransomers often ask for more money after receiving the initial ransom payment, or outright refuse to decrypt the files after the ransom is received, so having a backup is essential. I will talk in depth about backup and disaster recovery in my next blog post.

Contact Us for a free security consultation and to find out how Cloud Media can help secure your network and develop a backup and disaster recovery plan.