All your data are belong to us
There you are, reading through your email. You notice an email that says “IMPORTANT!” so you open it. The email tells you to open the attachment which has a .pdf extension. You open it, but nothing happens. You think that something is wrong with the email, so you delete it, but you don't realize that the file was an .exe file and is working in the background to wreak havoc. Then it happens. You see a message box appear on your screen: “Your personal files are encrypted!” To decrypt your files and get back your data you must pay $300 USD. You only have a small time window (72 hrs) to pay or you lose the ability to decrypt forever. What do you do?
At first, you don’t believe the message. You try to find a way to close the message, but there is none. You then try to open a file from your computer, but you cannot. You start thinking it through: Do I have a backup? Do I pay? Do I know a geek that can fix this?
Cryptolocker was introduced to the world in October of 2013. Since then, hundreds of thousands of computers have been infected. There have also been many other variants of this “ransom-ware”. Some are worse than others, some encrypt files, some just deny access to your computer; all are bad news. There is some good news on the Cryptolocker front, however. On June 2, 2014, the DoJ announced that they seized the Command-and-Control (C2) infrastructure for the botnet and shut it down, meaning that even if you get the virus, your files will not be encrypted. It also means that if you are infected and your files were encrypted, there is no way to recover the encryption key.
While the shutdown of the C2 infrastructure for Cryptolocker has effectively shut down the virus (for now), there are still many other variants out there threatening to hold your data ransom for a huge profit.
So what can you do to protect your data? Below are a few simple measures you can take to help keep your data safe:
1. Perform Backups – Back up your data at a regular interval based on the sensitivity of the data. If you can afford to lose a week of backups, make sure you are backing up weekly. If you need more current backups, then do so. External hard drives are inexpensive, and having 2 or 3 to rotate through for backups would be a wise investment.
2. Patch your software – All software vendors offer patches for their software. Sometimes these include bug fixes, but often the patches are to fix security vulnerabilities, which viruses use to gain a foothold on your computer. Patching can prevent problems before they start. Microsoft Windows & Office, Java, Adobe, Antivirus, and other software on your computer all need to be updated in a timely manner.
3. Do not use your computer as an “administrator” – When malware gets on your computer, it runs as the user you are logged in as. If your user account is part of the administrator group, the malware runs as administrator, giving it full, unrestricted access to the machine. Instead, run as a regular user, and set up a separate administrative user account you use when you need to install software or change system settings. Using User Account Control (UAC) in Windows, you can elevate your privileges without needing to log off and back on.
4. Do not click what you don’t know – If you see an email from someone you do not know, or from someone you are not expecting it from, then do not open it. If there is a link in an email or on a website, be careful before clicking it. Hovering your mouse over the link (without clicking it!) will reveal the link location. If it looks strange at all, do not click it. If in doubt, talk to your IT staff or someone who is knowledgeable about these things.
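The attachment in the opening story looked like a .pdf but was really an .exe. The sketch below is an added example, not part of the original article: it checks attachment names for that disguise before anyone opens them. The extension lists, function names and sample mailbox are assumptions made up for illustration.

```python
# Added example: flag attachment names that look like documents but run as programs.
# The extension lists are assumptions for illustration; adjust them to your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def check_attachment(filename):
    """Return a list of warnings for one attachment name (empty list = nothing found)."""
    # Compare in lower case and ignore stray spaces around each dot-separated part.
    parts = [p.strip().lower() for p in filename.strip().split(".")]
    if len(parts) < 2:
        return []  # no extension at all, nothing to compare
    final_ext, earlier = parts[-1], parts[1:-1]
    warnings = []
    if final_ext in EXECUTABLE_EXTS:
        warnings.append("runs as a program (." + final_ext + ")")
        # Windows hides known extensions by default, so "invoice.pdf.exe"
        # is displayed as "invoice.pdf".
        disguise = [p for p in earlier if p in DOCUMENT_EXTS]
        if disguise:
            warnings.append("disguised as ." + disguise[-1])
    return warnings


def scan_mailbox(messages):
    """Map each (sender, attachment) pair that raised warnings to those warnings."""
    report = {}
    for sender, attachments in messages:
        for name in attachments:
            found = check_attachment(name)
            if found:
                report[(sender, name)] = found
    return report


# Constructed sample data, not taken from a real mailbox.
SAMPLE_MESSAGES = [
    ("billing@example.com", ["IMPORTANT.pdf.exe"]),
    ("colleague@example.com", ["minutes.pdf", "photo.JPG"]),
    ("unknown@example.net", ["Voicemail.PDF .SCR", "setup.exe"]),
]

if __name__ == "__main__":
    for (sender, name), found in scan_mailbox(SAMPLE_MESSAGES).items():
        print(f"{sender}: {name!r} -> {'; '.join(found)}")
```

Turning on the display of file extensions in Windows Explorer lets you see the same thing by eye: the full name, including the final extension, becomes visible.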
For more information see: