Unfortunately, as discussed in the last blog entry, Cryptolocker and its newer variants are encryption-based infections. This type of infection requires a preemptive, proactive approach to keeping your data safe, because by the time you discover it on a system, or on several systems, it is usually already too late: the files it reached have already been encrypted. How many files you lose depends on how quickly the infection is found and stopped.
This infection and its variants spread mostly through spam email. The message is crafted to look legitimate to an end user and carries either an attachment or a link to a file; the file is usually a zip archive, attached directly to the email or hosted on a cloud storage account such as Dropbox. Remind your end users regularly of the dangers of spam and tell them never to open file attachments or click links to files in email unless they know for sure the message is safe. A good policy is to block .zip and .exe files in company email entirely, closing off one avenue of infection. For some businesses or end users this will not be practical.
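To make the attachment policy concrete, here is an added example (not code from the original post or from HCP Computers) of the screening a mail gateway or filter script would apply. It blocks .zip and .exe attachments outright, as the policy above says, and it also opens each zip to report what is inside, because the typical Cryptolocker lure is a zip containing a file named like `Invoice.pdf.exe`; Windows hides known extensions by default, so the user sees only `Invoice.pdf`. The extension lists, the file names and the two sample messages are constructed for the example; the fake "executable" is just an `MZ` header followed by zeros, not malware.

```python
import email
import io
import zipfile
from email.message import EmailMessage
from email.policy import default

# Extensions a Cryptolocker-style lure uses to deliver its dropper (assumed list),
# and the document extensions it hides behind in a "double extension" such as
# "Invoice.pdf.exe".
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def _parts(name):
    return name.lower().split(".")


def _check_name(name, where=""):
    """Return a block reason if the file name looks like an executable lure, else None."""
    parts = _parts(name)
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    double = len(parts) >= 3 and parts[-2] in DOCUMENT_EXTS
    kind = "double-extension executable" if double else "executable"
    return f"{kind} {name}{where}"


def screen_attachment(filename, data):
    """Return the reasons an attachment should be blocked (empty list = allow).

    Policy from the post: no .zip and no .exe in company mail. Zips are also
    opened so the report says *why* they are dangerous, not just that they are zips.
    """
    reasons = []
    reason = _check_name(filename)
    if reason:
        reasons.append(reason)
    if _parts(filename)[-1] == "zip":
        reasons.append(f"zip attachment {filename} (blocked by policy)")
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    reason = _check_name(member, f" inside {filename}")
                    if reason:
                        reasons.append(reason)
        except zipfile.BadZipFile:
            # A .zip that does not parse is still blocked; say so explicitly.
            reasons.append(f"{filename} is not a readable zip archive")
    return reasons


def screen_message(raw_bytes):
    """Parse a raw RFC 822 message and screen every attachment it carries."""
    msg = email.message_from_bytes(raw_bytes, policy=default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        findings.extend(screen_attachment(name, data))
    return findings


def _message_with(data, maintype, subtype, filename):
    # Constructed sample message; addresses are placeholders.
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Your invoice is attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


def build_sample_lure():
    """Constructed lure: a zip carrying 'Invoice_2013-10-02.pdf.exe' (fake PE header, not malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2013-10-02.pdf.exe", b"MZ" + b"\x00" * 64)
    return _message_with(buf.getvalue(), "application", "zip", "Invoice.zip")


def build_sample_benign():
    """Constructed sample: an ordinary PDF attachment that the policy allows."""
    return _message_with(b"%PDF-1.4\n%constructed sample\n", "application", "pdf", "Invoice.pdf")


if __name__ == "__main__":
    for label, raw in (("lure", build_sample_lure()), ("benign", build_sample_benign())):
        findings = screen_message(raw)
        print(f"{label}: {'BLOCK' if findings else 'allow'}")
        for finding in findings:
            print("  -", finding)
```

Run as written it reports the lure as blocked for two reasons (the zip itself, and the double-extension executable inside it) and allows the plain PDF. The same `screen_message` function can be fed messages pulled from a mailbox or a gateway quarantine.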
Education is key against these infections because they rely heavily on successful social engineering. Even the best-educated users will make mistakes at times, and you have to plan for that with encryption-based infections.
It is only a matter of time before a system, or a whole network of systems, gets one of these ransomware infections, no matter the security in place. It is therefore absolutely critical to have a backup system that lets you retrieve lost data. A variant of Cryptolocker called Cryptowall takes this further by deleting the Volume Shadow Copies that Windows keeps of files; those are what System Restore and the "Previous Versions" feature rely on to take a computer or a file back to an earlier point in time, so that recovery path is gone. The infection also encrypts files on network shares and mapped drives it can reach, so a backup that sits on a drive visible from an infected workstation can be lost along with everything else; keep at least one copy offline or otherwise unreachable from user machines. Most critical of all, you need to know that the backups will work. Regular restore testing is mandatory to be sure you can get your data back: a good backup system means nothing if the restore process does not work, or does not work well.
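Because the shadow-copy deletion is a deliberate command the malware runs, it is also something you can watch for. Below is an added example (not code from the original post or from HCP Computers) of simple detection logic run over process-creation events: it matches the command Cryptowall runs to wipe shadow copies, `vssadmin.exe Delete Shadows /All /Quiet`, plus two other commands widely used by ransomware to disable the same recovery paths, and it raises the severity when the parent process runs from a user-writable location such as AppData, where these droppers land. The events are constructed in the shape of Sysmon Event ID 1 / Security 4688 fields; the host names, user names and the `updater.exe` parent path are made up for the example.

```python
import re

# Commands that remove the local recovery paths described above. The first is
# the one Cryptowall runs against Volume Shadow Copies; the other two are
# widely used by other ransomware for the same purpose.
RULES = [
    ("vssadmin delete shadows",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("wmic shadowcopy delete",
     re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("bcdedit disable recovery",
     re.compile(r"\bbcdedit(\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no\b", re.I)),
]

# Parents running out of user-writable locations (where droppers land) raise severity.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|ProgramData|Users\\Public)\\", re.I)

# Constructed sample events (not real logs); names and paths are made up.
SAMPLE_EVENTS = [
    {"time": "2014-05-12T09:14:02", "host": "WS-ACCT-07", "user": "CORP\\jsmith",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c dir"},
    {"time": "2014-05-12T09:14:05", "host": "WS-ACCT-07", "user": "CORP\\jsmith",
     "parent": r"C:\Users\jsmith\AppData\Roaming\updater.exe",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"time": "2014-05-12T09:14:06", "host": "WS-ACCT-07", "user": "CORP\\jsmith",
     "parent": r"C:\Users\jsmith\AppData\Roaming\updater.exe",
     "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set {default} recoveryenabled No"},
    # Benign: a backup agent listing shadow copies, which must not alert.
    {"time": "2014-05-12T10:00:00", "host": "SRV-FILE-01", "user": "CORP\\backupsvc",
     "parent": r"C:\Program Files\BackupAgent\agent.exe",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe List Shadows"},
]


def classify(event):
    """Return an alert dict if the event matches a recovery-tampering rule, else None."""
    for name, pattern in RULES:
        if pattern.search(event["cmdline"]):
            severity = "high" if USER_WRITABLE.search(event["parent"]) else "medium"
            return {"rule": name, "severity": severity, "time": event["time"],
                    "host": event["host"], "user": event["user"],
                    "parent": event["parent"], "cmdline": event["cmdline"]}
    return None


def detect(events):
    """Run every event through the rules and return the alerts in event order."""
    return [alert for alert in map(classify, events) if alert is not None]


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"[{alert['severity'].upper()}] {alert['time']} {alert['host']} {alert['user']}: "
              f"{alert['rule']} via {alert['parent']} -> {alert['cmdline']}")
```

Against the sample events this produces two high-severity alerts on WS-ACCT-07, one second apart, and nothing for the backup agent's `List Shadows`. Legitimate administrators do sometimes delete shadow copies, which is why the parent path is used to grade the alert rather than to suppress it; a medium alert from a tool in Program Files still deserves a look.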
Now one might ask whether more can be done beyond educating users on where this infection comes from and having a good backup system in place. Right now the industry is scrambling to come up with good defensive approaches to these infections. Regular antivirus scanners have so far been ineffective at stopping them, or even at detecting that one is on a system, and once it is on a system it is almost too late. Here at HCP Computers we are drafting a few proactive and on-demand measures to help keep these infections from happening in the first place. Contact us and we will schedule a time to discuss them. http://www.hcp4biz.com/contact/
First and foremost: educate, educate, educate, and back up, back up, back up.