Ransomware CryptoLocker infections are on the rise

As a reminder, a particularly nasty virus or ransomware called CryptoLocker is on the rise.

What’s the big deal?
It encrypts your files, and you could potentially lose your data forever, including the data on your file servers.

How can I get infected?
The ransomware has typically been delivered via email with an attachment from what appears to be reputable senders such as FedEx and UPS.

What to do?

Prevention:

  1. Be smart.

    a.  Educate your users NOT to open emails that they weren’t expecting, even if they appear to come from someone they know.

    b.  CryptoLocker appears to have mutated as well and is being disseminated through PCs that have already been hacked through other methods. In other words, CryptoLocker may have actually started on your PC from a totally different infection, which then downloaded CryptoLocker without your knowledge.
  2. Keep your anti-virus software and Windows software up-to-date.
  3. Have a solid backup. This is vitally important. In particular, make sure that your data backup is not accessible from your network—either locally or online.

    a.  IT Radix is recommending having at least a two-week backup history. It can take several days before the CryptoLocker pop-up is displayed and at that point, the damage is already done.

    b.  Check your backups daily for successful completion.

    c.  IT Radix also recommends testing your backup if you haven’t done so recently.

    Both of these are standard procedure as part of our pro-active maintenance plan.
  4. If you have a Windows Active Directory domain (most businesses should and do), implement a security policy (called a GPO) that can prevent these viruses and ransomware from even running. This is not available through standard Microsoft updates. We must manually implement this for you.
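
The backup checks from step 3 can be automated. The following is an added example, not IT Radix's own tooling: it assumes a hypothetical backup log of (run_date, succeeded, offline) records and reports failed or skipped days, how far back usable history reaches, and the newest offline restore point that predates a suspected infection date.

```python
from datetime import date, timedelta

RETENTION_DAYS = 14  # the two-week history recommended in step 3a

def audit_backups(jobs, today, suspected_infection=None):
    """Audit a backup log of (run_date, succeeded, offline) tuples.

    offline=True means the copy is not reachable from the network.
    suspected_infection is the estimated date the PC was first infected.
    """
    status = {}  # run_date -> (any success, any success kept offline)
    for run_date, succeeded, offline in jobs:
        ok, off = status.get(run_date, (False, False))
        status[run_date] = (ok or succeeded, off or (succeeded and offline))

    window = {today - timedelta(days=n) for n in range(RETENTION_DAYS)}
    # Only successful copies that ransomware on the network could not reach.
    usable = sorted(d for d, (ok, off) in status.items() if ok and off)
    # A restore point is clean only if it predates the infection, which can
    # be several days before the ransom notice appears.
    clean = [d for d in usable
             if suspected_infection is None or d < suspected_infection]
    return {
        "failed": sorted(d for d in window if d in status and not status[d][0]),
        "missing": sorted(window - set(status)),
        "history_days": (today - usable[0]).days + 1 if usable else 0,
        "newest_clean": clean[-1] if clean else None,
    }

# Constructed sample log: 16 daily jobs, one failure, one skipped day, and the
# two most recent copies still sitting on a network-attached disk.
TODAY = date(2024, 3, 20)
SAMPLE_JOBS = [
    (TODAY - timedelta(days=n), n != 3, n >= 2)
    for n in range(16) if n != 6
]

if __name__ == "__main__":
    report = audit_backups(SAMPLE_JOBS, TODAY,
                           suspected_infection=TODAY - timedelta(days=4))
    for key, value in report.items():
        print(f"{key}: {value}")
```

A result with `history_days` below 14 or `newest_clean` of `None` means the backup set would not survive an infection that went unnoticed for several days.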

 

I think I’m infected, now what?

  1. Immediately disconnect your computer(s) from your wired or wireless networks upon seeing the red-screen notice put up by CryptoLocker.
  2. Do NOT attempt to remove the virus until your data has been safely restored. In some cases, paying the ransom may be your only option. If you remove the virus, you will not be able to decrypt your data or it may result in an even higher ransom fee.
  3. Protect your backup – if it’s on removable media (e.g. USB hard drive), remove it from the network.
  4. Call us.

Please take this threat very seriously. We’ve already had a couple of clients lose data because users were blithely opening emails that carried the infection. Want to know more? Feel free to call us at 973-298-6908 or email us at [email protected].