Backup your Security

Recently we have shared information about a virus that is causing more and more problems for people around the world.

CryptoLocker is a variant of ransomware. The difference is that ransomware freezes or locks the system until the ransom is paid, whereas with CryptoLocker the operating system and installed software keep working but your files (for example spreadsheets, PDFs and Word documents) are encrypted.

CryptoLocker is not (currently) known to self-replicate, so it is not expected to spread via the network. However, any drives and network shares currently mapped, mounted or attached to the computer are inspected for file types and extensions, and all matching files are encrypted.

The attack vector that delivers this very nasty, frankly criminal code appears to be a link in emails, which can be sent to anyone in your organisation. Antivirus vendors are slowly catching up, but it is important to raise and maintain awareness amongst your user base.

CryptoLocker only reveals itself once it has searched your files and started the encryption process.

If the files are encrypted, there is little that can be done other than paying the ransom or recovering from backup.

Possible ways to protect against such incidents are listed below:

– Keep antivirus up to date

– Keep up with OS-specific security updates

– Keep backups of all important files

– Disable admin rights for end-user accounts

– Keep your software up to date

– Utilize L7 inspection with next-generation firewalls if available; alternative solutions can be IPS sensors, Flexible Packet Matching with Cisco IOS, etc.

We also recommend that your organization review its current backup strategy, to prevent situations in which you may need to “buy” your own files back.

Network access control, centralised log management and SIEM can also be beneficial, allowing an infection to be detected in real time or possibly prevented.
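
One check that supports both the backup review and the detection point above, as an added example rather than code from the original post: walk a file share or a restored backup and flag documents whose leading bytes no longer match their extension. It assumes encrypted files keep their original names; the function names and sample files are constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Leading bytes expected for the document types the post names (modern Office
# files are ZIP containers, legacy .doc/.xls are OLE2 compound files).
# Assumption: an encrypted file keeps its original name and extension.
ZIP, OLE2 = b"PK\x03\x04", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MAGIC = {".pdf": b"%PDF-", ".docx": ZIP, ".xlsx": ZIP, ".doc": OLE2, ".xls": OLE2}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return sum(-c / n * math.log2(c / n) for c in Counter(data).values())


def scan(root: str, sample: int = 4096) -> dict[str, float]:
    """Map each document whose header no longer matches its extension to
    the entropy of its first `sample` bytes (high = likely encrypted)."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            magic = MAGIC.get(os.path.splitext(name)[1].lower())
            if magic is None:
                continue  # file type not covered by this check
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    head = fh.read(sample)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if not head.startswith(magic):
                hits[os.path.relpath(full, root)] = round(entropy(head), 2)
    return hits


def demo() -> dict[str, float]:
    """Run the scan over constructed sample files (not real documents)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"ok.pdf": b"%PDF-1.4\n% constructed sample\n",
                   "locked.xlsx": bytes(range(256)) * 16,  # stand-in for ciphertext
                   "notes.txt": b"plain text, extension not covered"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)
```

Run `scan()` against a test restore before relying on a backup set, or on a schedule against shared folders with the results sent to central logging. A low entropy value on a flagged file more likely indicates a mislabelled or truncated document than encryption.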

