Your Time Is Up! CryptoLocker Ransomware

These are not your friendly neighbourhood hackers! To these thieves, this is a business. An increasing number of UK organisations are being targeted and having money extorted from them. The model uses social engineering techniques to trick users into running a Zip folder or file, which then contaminates the system and any other system attached to the same network.

The Trojan generates a random symmetric key for each file it encrypts, and then encrypts that key so that only the owner of the private RSA key (RSA is an encryption algorithm) can obtain the random key used to encrypt the file. In addition, because the computer's files are overwritten, it is impossible to retrieve them using forensic analysis.

CryptoLocker doesn’t encrypt every file it finds. It targets non-executable files with the extensions included in the malware’s code, specifically documents, images, databases, spreadsheets, etc.: all the files that hold an organisation’s valuable, organisation-specific work.

When it finishes encrypting every file that meets these conditions, it displays a stark message to the user, asking for a ransom payment, with a time limit to send the payment before the private key kept by the malware writer is destroyed.

Ransomware is targeting SMBs

Our Advice is to avoid CryptoLocker

This malware is most often spread by email, but many viruses are contracted through infected websites. Therefore we recommend:
• Ensure all staff are aware of the potential hack and are particularly wary of emails from senders they don’t know, especially those with attached files.
• Disable hidden file extensions in Windows; this will help staff recognise this type of attack. Many infected files are .exe files and .zip folders, although many now appear as .doc files and claim to be invoices.
• Make regular system back-ups of your critical files, and hold these copies securely off-line.
• If you have the misfortune to become infected and don’t have back-up files, our recommendation is not to pay the ransom. Paying encourages the thieves to continue, and who is to say they won’t come back?
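
To show why hidden file extensions matter for the attachments described above, here is an added example (not code from this article) that screens an attachment name, and the member names inside a Zip, for an executable extension hiding behind a document-style one. The extension lists, function names and sample file names are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed extension lists for illustration; adjust to your own mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def hidden_view(name):
    """File name as Explorer shows it while known extensions are hidden."""
    return PurePosixPath(name.replace("\\", "/")).stem


def check_name(name):
    """Return the reasons one file name looks suspicious (empty list if none)."""
    suffixes = [s.strip().lower()
                for s in PurePosixPath(name.replace("\\", "/")).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return []
    reasons = [f"executable extension {suffixes[-1]}"]
    if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
        reasons.append(f"double extension, displayed as '{hidden_view(name)}'")
    return reasons


def scan_attachment(filename, data):
    """Check an attachment and, for a Zip, every member name (nothing is extracted)."""
    findings = {}
    if reasons := check_name(filename):
        findings[filename] = reasons
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():
                if reasons := check_name(member):
                    findings[f"{filename}!{member}"] = reasons
    return findings


def constructed_sample_zip():
    """Build a harmless Zip in memory; each member is a text placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Invoice_0412.pdf.exe", "constructed placeholder")
        archive.writestr("readme.txt", "constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for path, why in scan_attachment("Invoice_0412.zip", constructed_sample_zip()).items():
        print(path, "->", "; ".join(why))
```

With extensions hidden, the flagged member would appear to the user as `Invoice_0412.pdf`, which is why showing extensions helps staff spot it.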

Increasingly, SMBs are being targeted, as they are often ill prepared for a cyber-attack, and the ransom, although frustrating, is not financially crippling, unlike a total loss of data. If you need to discuss system security, please contact our experts on 01424 460721.
