By now you have probably heard of CryptoLocker. Kiandra has sent out numerous alerts and warnings, and it’s all over the press at the moment, with widespread infections being reported globally.
CryptoLocker is a wake-up call for many, and highlights just how important a multi-layered approach to security is. We recently deployed an Intrusion Prevention System (IPS) at one of our client sites, and after only two days it had blocked CryptoLocker. True story.
Had this organisation been infected, the ramifications would have been devastating. This organisation was exposed to CryptoLocker as one of their staff members had visited a malicious site.
This could happen to any business. To be honest, it scares us.
Backup is the only way to recover from CryptoLocker; however, even this doesn’t always work. CryptoLocker is very sneaky: it will usually start silently encrypting and can run for several days before you either notice that some of your files can’t be opened or the CryptoLocker payment screen finally pops up. That means backups taken during that period are useless. The best remedy for CryptoLocker is prevention.
How do I prevent becoming a victim?
I cannot stress enough how important it is to have an IPS in place (we recommend HP TippingPoint). This is now a staple item that should be part of every business’s IT infrastructure. Other things you should do include:
- Ensure you have the latest antivirus and that it is up to date
- Update all software on your computer, especially Microsoft Office, Adobe products, and Java
- Do not download and install unfamiliar software, even if its maker claims it will prevent ransomware
- Ensure you have valid, TESTED backups in place
- Deploy CryptoPrevent to the workstations to prevent initial infections. It is available from http://www.foolishit.com/vb6-projects/cryptoprevent/
- Deploy the CryptoLocker Prevention Kit Group Policies to stop the infection spreading in your environment. They are available from http://www.thirdtier.net/downloads (select CryptoLockerPreventionKit.zip)
- Secure your network shares and permissions
- And lastly, educate your users! If they don’t visit the malicious site or open the attachment in the first place, this will solve all your issues!
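Because CryptoLocker can encrypt silently for days, a "tested" backup has to be checked for content, not just for existence. The Python script below is an added example (not Kiandra's code or part of the original post) that flags backed-up files whose leading bytes no longer match their extension and picks the newest backup set with none. It assumes encrypted files keep their original names and extensions and that each backup set is a plain directory tree; the function names and sample data are constructed for illustration.

```python
import os
import tempfile

SIGNATURES = {  # well-known leading bytes ("magic numbers") per extension
    ".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",            # OOXML = ZIP
    ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0",  # legacy OLE2
}

def suspect_files(backup_root):
    """Return (checked_count, [paths whose header no longer matches the extension])."""
    checked, suspects = 0, []
    for dirpath, _dirs, names in os.walk(backup_root):
        for name in names:
            magic = SIGNATURES.get(os.path.splitext(name)[1].lower())
            if magic is None:
                continue  # unknown type: cannot be judged from the header
            checked += 1
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                if fh.read(len(magic)) != magic:
                    suspects.append(path)
    return checked, sorted(suspects)

def newest_clean_backup(backup_roots):
    """Newest set (input ordered oldest to newest) with no suspects, else None."""
    for root in reversed(backup_roots):
        checked, suspects = suspect_files(root)
        if checked and not suspects:
            return root
    return None

def build_demo_sets(base):
    """Constructed sample data: three nightly sets, encryption starts before night 2."""
    good = {"report.pdf": b"%PDF-1.4 demo", "budget.xlsx": b"PK\x03\x04 demo",
            "photo.jpg": b"\xff\xd8\xff\xe0 demo"}
    scrambled = b"\x8f\x1c\xa7\x03\x5e\xd2\x90\x41 constructed ciphertext stand-in"
    roots = []
    for night, hit in enumerate([[], ["budget.xlsx"], list(good)], start=1):
        root = os.path.join(base, f"night{night}")
        os.makedirs(root)
        for name, data in good.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(scrambled if name in hit else data)
        roots.append(root)
    return roots

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        print("restore from:", newest_clean_backup(build_demo_sets(base)))
```

A header check only catches files of known types, so a file that is legitimately mislabelled will show up as a suspect and should be reviewed by hand before a backup set is written off.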
If you do not have an IPS in place please talk to us today about scheduling in a trial. We can deploy it in your environment for a set period of time and provide you with a full intrusion detection report, giving you complete visibility of all attempted attacks.
If you want more info on how CryptoLocker works and disguises itself check out this blog post from our security team.