Watch out! More CryptoLocker badness forecast for 2014
The ransomware nightmare of 2013, ‘CryptoLocker’, encrypts your files using the Windows CryptoAPI and then demands 300 Euros or 2 Bitcoins (probably 5 Bitcoins now – ed) to recover them. It has been thoroughly researched by the great and good (and bad) of Internet security, and some very scary findings have been made.
It seems that CryptoLocker was created by a single crew of Eastern European hackers (never, we hear you say) who certainly know what they are doing.
To keep its command and control (C&C) servers from being identified and blocked, the gang, according to research by Dell SecureWorks, uses a domain generation algorithm that produces something like 1,000 new candidate domains a day on which to host C&C; an infected machine works through the day's list until one answers. This makes detecting and sinkholing the C&C very difficult, because a defender has to block or register every candidate domain while the attacker only needs one of them to work.
The engineering that has gone into the back end of this most nasty piece of software means that there can only be more to come in 2014, and we urge all of our customers and associates to be on the lookout.
To reduce the chances of becoming a victim and to enable swift remediation (you should never pay these people, ever), we recommend the following:
- Make sure you have a current backup of all your data, held offline or otherwise out of reach of the infected machine: CryptoLocker also encrypts files on mapped network drives and attached USB disks, so a permanently connected backup can be lost along with the originals
- Remove administrative privileges where they are not needed, including local admin rights
- Make sure your systems are patched
- Ensure your anti-virus is up to date
- Review access control to network shared data: CryptoLocker encrypts every file the logged-in user can write to, so each user should have write access only to the shares they actually need
If you are an ITC NetSure360° customer, we are developing a use case that identifies a large delta in file opens by a single user (the footprint a process walking a share and encrypting every file it can reach leaves behind) and will be communicating this to you presently.
If you are not a NetSure360° customer and would like to talk to one of our seasoned to be merry security professionals, please contact us on 0207 517 3900 or email [email protected] – alternatively visit itcsecure.com
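To make the "large delta in file opens" idea concrete, here is a toy detector added to this page as an illustration. It is not ITC's NetSure360° use case and not code from the original post; the audit record format (`timestamp|user|action|path`), the sample records, and the thresholds are all assumptions made for the example. It counts file opens per user per minute and alerts when a user's count is both large in absolute terms and far above that user's own earlier rate.

```python
"""
Added example (not ITC's NetSure360 use case or any code from the
original post): a toy detector for the "large delta in file opens" idea.
It replays constructed, simplified file-server audit records, counts opens
per user per minute, and flags a user whose count jumps far above that
user's own earlier rate.  The record format, field names and thresholds
are assumptions for illustration only.
"""
from collections import defaultdict
from datetime import datetime, timedelta

TS_FMT = "%Y-%m-%dT%H:%M:%S"


def parse_line(line):
    """Parse one assumed record of the form 'timestamp|user|action|path'."""
    ts, user, action, path = line.rstrip("\n").split("|", 3)
    return datetime.strptime(ts, TS_FMT), user, action, path


def record(t, user, action, path):
    """Build one record in the assumed format (used only to construct samples)."""
    return "%s|%s|%s|%s" % (t.strftime(TS_FMT), user, action, path)


def make_sample_log():
    """Constructed sample, not real telemetry.

    alice opens one spreadsheet every five minutes for an hour.
    bob opens a document every ten minutes, then at 09:45 opens (and
    rewrites) 150 files on the share within 50 seconds, the footprint a
    process that walks a share encrypting every file it can reach leaves.
    """
    start = datetime(2013, 12, 2, 9, 0, 0)
    lines = []
    for i in range(12):
        t = start + timedelta(minutes=5 * i)
        lines.append(record(t, "alice", "open", r"\\fs01\finance\report%02d.xlsx" % i))
    for i in range(4):
        t = start + timedelta(minutes=10 * i)
        lines.append(record(t, "bob", "open", r"\\fs01\projects\notes%d.docx" % i))
    burst = start + timedelta(minutes=45)
    for i in range(150):
        t = burst + timedelta(seconds=i // 3)       # three opens a second for 50 s
        lines.append(record(t, "bob", "open", r"\\fs01\projects\doc%04d.docx" % i))
        lines.append(record(t, "bob", "write", r"\\fs01\projects\doc%04d.docx" % i))
    return lines


def detect_bursts(lines, min_burst=50, ratio=10.0):
    """Return (user, minute, count, baseline) for every one-minute bucket in
    which a user's file opens are at least min_burst AND at least ratio times
    that user's mean over their earlier active minutes.

    The baseline is deliberately crude (mean of the user's earlier non-empty
    minutes, floored at 1 open/min); a production rule would use a longer
    lookback, count per share, and tune min_burst to the server's normal load.
    """
    opens = defaultdict(lambda: defaultdict(int))
    for line in lines:
        ts, user, action, _path = parse_line(line)
        if action != "open":                        # only opens feed the counter
            continue
        opens[user][ts.replace(second=0, microsecond=0)] += 1

    alerts = []
    for user, buckets in opens.items():
        history = []                                # this user's earlier minute counts
        for minute in sorted(buckets):
            count = buckets[minute]
            baseline = max(1.0, sum(history) / len(history)) if history else 1.0
            if count >= min_burst and count >= ratio * baseline:
                alerts.append((user, minute, count, baseline))
            history.append(count)
    return alerts


if __name__ == "__main__":
    for user, minute, count, baseline in detect_bursts(make_sample_log()):
        print("ALERT %s: %d file opens in the minute from %s (baseline %.1f/min)"
              % (user, count, minute.strftime(TS_FMT), baseline))
```

On the constructed sample only bob trips the rule (150 opens at 09:45 against a baseline of one per minute); alice's steady one-open-every-five-minutes never does. A real deployment would feed the same logic from file-server object-access auditing (Windows event ID 4663) or the NAS's own audit log, and a hit is the cue to disconnect that user's workstation from the share before the remaining files are reached.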