Thursday, January 30, 2014

Ransomware - Holding Your Data Hostage

Cryptolocker is ransomware that was discovered in September 2013. It uses both technical and non-technical methods to infect computers, identify critical files and render them unavailable until victims pay for their release.

The most common method of infection is a phishing email that encourages the recipient to click on a link, which causes the malicious software to be downloaded, opened and executed. Once installed, the malware seeks out user-created files such as .doc, .xls, .pdf and others. Using strong encryption, it encrypts each of these files, rendering them unavailable to anyone who does not have the decryption key, which is stored on a remote server under the control of the cybercriminal. Cryptolocker is especially aggressive in that it can locate files the victim has access to not only on the local drive but also on shared network drives, USB drives, external hard drives, network file shares and, in some cases, even some cloud storage.

Individuals and organizations that fall victim to a ransomware infection such as Cryptolocker should contact their IT administrator, determine what their incident response plan is and start the remediation process.

Some common recommendations to follow if you believe that your computer has been infected include:
  • Immediately disconnect your system from the network. This prevents the virus from encrypting additional files on your network.
  • Turn off any data synchronization software that automatically syncs your data to a central server.
  • If you decide to restore your files from backup copies, first remove all remnants of the virus, including ensuring that your registry has been appropriately cleaned. It is then essential that you identify and use a backup from a time period prior to the original virus infection.
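Two points above call for the same check: the malware overwrites user documents with ciphertext, and a restore must come from a backup that predates the infection. The added example below (not code from the original post, written for this page) flags documents whose extension no longer matches their file header and whose content is high-entropy, then uses that check to pick the newest backup snapshot that is both older than the estimated infection time and free of encrypted-looking files. The snapshot data, the file names, the timestamps and the `SNAPSHOTS`/`INFECTION_TIME` values are all constructed for the example; `load_tree` is a hypothetical helper for reading real snapshots from disk.

```python
import hashlib
import math
import os
from collections import Counter
from datetime import datetime

# Expected leading bytes ("magic numbers") for common user-document types.
# A .pdf that no longer starts with %PDF has very likely been overwritten,
# which is exactly what file-encrypting ransomware does.
MAGIC = {
    ".pdf": [b"%PDF"],
    ".doc": [b"\xd0\xcf\x11\xe0"],  # OLE2 compound document (legacy Office)
    ".xls": [b"\xd0\xcf\x11\xe0"],
    ".docx": [b"PK\x03\x04"],       # OOXML files are ZIP containers
    ".xlsx": [b"PK\x03\x04"],
    ".png": [b"\x89PNG"],
    ".jpg": [b"\xff\xd8\xff"],
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample; ciphertext sits close to the maximum of 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name: str, data: bytes, entropy_threshold: float = 7.5) -> bool:
    """True when the extension's expected header is missing AND the body is high-entropy.
    Unknown extensions are not judged, to keep false positives down."""
    expected = MAGIC.get(os.path.splitext(name)[1].lower())
    if expected is None:
        return False
    if any(data.startswith(m) for m in expected):
        return False
    return shannon_entropy(data[:4096]) >= entropy_threshold


def scan_files(files: dict) -> list:
    """files maps file name -> first bytes of its content; returns the suspicious names."""
    return sorted(name for name, data in files.items() if looks_encrypted(name, data))


def load_tree(root: str) -> dict:
    """Hypothetical helper: build the {name: leading bytes} mapping from a real snapshot directory."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            with open(os.path.join(dirpath, name), "rb") as fh:
                files[os.path.relpath(os.path.join(dirpath, name), root)] = fh.read(4096)
    return files


def choose_clean_backup(snapshots: dict, infection_time: datetime):
    """snapshots maps snapshot datetime -> {name: leading bytes}. Return the newest snapshot
    that was taken before infection_time and contains no encrypted-looking files, else None.
    The content check matters because the infection time is only ever an estimate."""
    for taken in sorted(snapshots, reverse=True):
        if taken >= infection_time:
            continue
        if not scan_files(snapshots[taken]):
            return taken
    return None


# --- constructed sample data -------------------------------------------------
HEALTHY_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n"
HEALTHY_DOC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 500
# Deterministic high-entropy bytes standing in for ciphertext (no real key involved).
CIPHERTEXT = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))

CLEAN = {"report.doc": HEALTHY_DOC, "invoice.pdf": HEALTHY_PDF}
ENCRYPTED = {"report.doc": CIPHERTEXT, "invoice.pdf": CIPHERTEXT}

# Nightly snapshots; the 12:00 one was taken after encryption actually began,
# even though it is older than the (too late) estimated infection time.
SNAPSHOTS = {
    datetime(2014, 1, 27, 2, 0): CLEAN,
    datetime(2014, 1, 28, 2, 0): CLEAN,
    datetime(2014, 1, 28, 12, 0): ENCRYPTED,
    datetime(2014, 1, 29, 2, 0): ENCRYPTED,
}
INFECTION_TIME = datetime(2014, 1, 28, 14, 30)

if __name__ == "__main__":
    print("suspicious in latest snapshot:", scan_files(SNAPSHOTS[datetime(2014, 1, 29, 2, 0)]))
    print("restore from:", choose_clean_backup(SNAPSHOTS, INFECTION_TIME))
```

The header check alone would misfire on files that were legitimately compressed or re-saved in another format, which is why the entropy test is combined with it; the entropy test alone would flag every healthy .docx (a ZIP container), which is why the magic-number check runs first.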

Because most antivirus applications cannot proactively detect the malicious software associated with ransomware, the most successful strategy is to prevent the infection in the first place.

One of the most important things an individual or an organization can do to limit their exposure is to ensure that people are aware of the threat and do not open suspicious emails or unexpected attachments. When in doubt, the recipient should verify the identity of the sender and the specific contents of any attachments.

Regular backup of all systems will limit the impact of data or system losses.

Organizations should restrict access to sensitive files and conduct regular reviews of user access to ensure that it is limited to the level required for each user's work duties.

Regularly updating all antivirus programs, enabling automatic updates of your AV signatures and software, and ensuring that your system is updated and patched in a timely manner will also help reduce your exposure.

Ransomware is going to be a real issue going forward, as it can be very lucrative for the cybercriminal and the risk of being caught is still relatively low. According to an article in PCWorld, the creator of the Cryptolocker virus may have made as much as $30 million in just 100 days; if that is the case, you can guarantee that more ransomware is on the way.
