CryptoLocker Ransomware: Holding Your Data Hostage

CryptoLocker is the latest, and one of the most damaging, pieces of Windows malware. It is often called a virus, but it is more accurately described as ransomware: it encrypts your files and then demands payment to release them. It is one of the worst infections the industry has seen in more than a decade.

How do I get the virus?

According to the US Computer Emergency Readiness Team (US-CERT), it spreads through emails that appear to be tracking notifications from UPS or FedEx, though some victims reported being infected on the tail end of cleaning up a previous botnet infection. Other emails have appeared to come from Facebook or LinkedIn.

  • We see the malware arriving by email in about 75% of the cases we handle. It can also be picked up by visiting websites, particularly ones unrelated to work.
  • Please keep work computers dedicated to work functions and limit social media, shopping and image browsing as much as possible.
  • The email carries a .ZIP attachment. Opening the file inside that ZIP (it is an executable dressed up to look like a document) runs the malware.
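The ZIP attachments described above typically hide an executable behind a document-looking name (for example a file ending in ".pdf.exe"). The following script is an added example, not something from the original post or from SupportNet: it walks the attachments of a raw email, opens any .ZIP it finds, and flags members that are executables or that use a disguising double extension. The email and ZIP it inspects are constructed inline so the script runs offline; the sender addresses, filenames and extension list are assumptions for illustration.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions that Windows will execute; a hypothetical list, extend as needed.
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def build_zip(files: dict) -> bytes:
    """Build an in-memory ZIP from {member_name: content} (test fixture helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


def suspicious_members(zip_bytes: bytes) -> list:
    """Return 'name: reason' for ZIP members that are executables, noting when
    the name also carries a disguising double extension such as 'x.pdf.exe'."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            base = name.lower().rsplit("/", 1)[-1]      # strip any folder prefix
            parts = base.split(".")
            if len(parts) >= 2 and "." + parts[-1] in EXECUTABLE_SUFFIXES:
                reason = "executable"
                if len(parts) >= 3:                      # e.g. tracking.pdf.exe
                    reason = "double extension disguised as ." + parts[-2]
                findings.append(f"{name}: {reason}")
    return findings


def triage_message(raw: bytes) -> list:
    """Parse a raw RFC 822 message and inspect every .zip attachment."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if not fname.lower().endswith(".zip"):
            continue
        payload = part.get_payload(decode=True)
        try:
            findings.extend(f"{fname} -> {f}" for f in suspicious_members(payload))
        except zipfile.BadZipFile:
            findings.append(f"{fname}: not a valid ZIP")
    return findings


def build_sample_email() -> bytes:
    """Constructed sample mimicking a fake courier notification (not a real message)."""
    zip_bytes = build_zip({
        "Tracking_Details.pdf.exe": b"MZ" + b"\x00" * 64,   # fake PE stub, not real malware
        "readme.txt": b"Your parcel could not be delivered.",
    })
    msg = EmailMessage()
    msg["From"] = "notice@example.invalid"   # assumed sender
    msg["To"] = "user@example.invalid"       # assumed recipient
    msg["Subject"] = "Delivery notification"
    msg.set_content("Please open the attached shipping label.")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip",
                       filename="Tracking_Details.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for line in triage_message(build_sample_email()):
        print("SUSPICIOUS:", line)
```

This only looks at file names inside the archive, so it is a cheap first pass for a mail gateway or a help-desk triage script, not a replacement for anti-virus; a ZIP whose members are all plain documents comes back empty, while a disguised executable is reported with the extension it was pretending to be.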

Will Anti-Virus stop the virus?

  • No. Once the email reaches your inbox and you open the attachment, you are running the malware's code yourself. Anti-virus may help limit the exposure and alert SupportNet, but it will not reliably stop it.
  • New variants appear faster than anti-virus definitions are updated, so do not count on any anti-virus product to block it once you have extracted and run the attachment.

What happens if I get the virus?

  • Most of the files on the infected computer (documents, spreadsheets, photos and similar data files) will be encrypted.
  • The malware also encrypts files on any drive the infected user can write to, so it spreads to mapped network shares on your server, USB drives, etc.
  • There are only 2 options to fix this:
  1. Pay $300 to $600 to the criminals for the decryption key, within a defined timeframe (usually 1-2 days). After that the price rises sharply, quadrupling or more depending on which version you ran. If the key is delivered, decryption of all affected files on all devices typically takes 1-12 hours; there is no guarantee the criminals will deliver it.
  2. Wipe all PCs and servers clean, reinstall a fresh copy of Windows, and recover your files on the server from a recent backup. Even if you are backing up nightly, you could lose up to a day's worth of data depending on when the encryption started.

How can I protect myself?

  • Do not open email attachments (especially .ZIP files) from anyone you don't trust. If you have suspicions, call us and we will look at it remotely. Be especially wary of messages claiming to come from FedEx, UPS, LinkedIn or Facebook.
  • Anti-spam filtering on your email. There is no cookie-cutter way to set this up, as many of you use different email services for your business. Anti-spam filtering is a preventative measure that quarantines suspicious emails before they reach your inbox.
  • Ensure you are using a nightly backup process that is both on-site and off-site and is managed by an IT professional.
  • Ensure you are saving files on the public drive on your server and not your personal C drive. Typically your C drive is not backed up; only the server is.

For more details on the virus itself, you can follow the link to Wikipedia http://en.wikipedia.org/wiki/CryptoLocker
