Feb 02 2017

The CryptoLocker Viruses

“I resolve to keep my computer healthy this year.”

2016 has been dubbed “The Year of the Ransom”, with nearly 1 billion dollars of ransom money collected by cybercriminals. IBM concluded that ransomware attacks have increased by 6,000% (yes, six thousand) and, with them, the number of victims. The future doesn’t look too bright either, with 2017 expected to see further growth in the ransomware business.

Ransomware is software that slips through your spam filter and/or anti-virus. How? To name a few ways, this can happen via email, fake ads on the internet, direct transfer from a USB key, unsecured ports on the firewall, etc. Cybercriminals will try impersonating something somewhat familiar to trick you into downloading a virus or, the classic, breaking down the door to your network. Your information is then held hostage until you pay. In the last few years, the most malicious and common ransomware has been (some version of) CryptoLocker.

What are the symptoms of Crypto, you ask?

  • A file you received by email does not open.
  • A file you double-click on your computer does not open.
  • Your computer is slower than usual.
  • Your cursor moves around on its own.
  • Pop-ups appear asking you to run programs you don’t recognize.
  • You see weird extensions in your file names: “Document Title.docx.locky”, “Picture Name.jpeg.zzzzz”.

These are signs that a virus has encrypted or is encrypting your files, i.e. rendering them unusable. The type of encryption used by the Crypto viruses cannot be “cracked”; the only cure for your data is to buy the antidote. This business model has turned into a billion-dollar industry. Hackers are only becoming shrewder.
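The renamed-file symptom in the list above can be checked for across a whole folder or file share. The following Python script is an added example, not part of the original post: it walks a directory tree and reports any extra extension (such as “.locky”) that sits on top of a normal document or picture extension and repeats across several files. The extension lists, the threshold of 3 and the sample file names in `demo()` are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumed lists for illustration; tune both to your own environment.
USER_DATA_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".jpeg", ".png"}
BENIGN_TRAILERS = {".bak", ".tmp", ".gz", ".zip", ".sig"}


def appended_extension(name):
    """Return the trailing extension if it sits on top of a user-data extension."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    if len(suffixes) < 2:
        return None
    inner, outer = suffixes[-2], suffixes[-1]
    if inner in USER_DATA_EXTS and outer not in USER_DATA_EXTS | BENIGN_TRAILERS:
        return outer
    return None


def scan(root, threshold=3):
    """Map each appended extension seen at least `threshold` times to its files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = appended_extension(name)
            if ext:
                hits.setdefault(ext, []).append(os.path.join(dirpath, name))
    # One stray "report.docx.old" is noise; many files sharing one new
    # extension is the mass-rename pattern worth an alert.
    return {ext: sorted(paths) for ext, paths in hits.items() if len(paths) >= threshold}


def demo():
    """Build a constructed sample tree (not real data) and scan it."""
    names = ["Document Title.docx.locky", "Picture Name.jpeg.locky",
             "Budget.xlsx.locky", "Notes.docx", "Old Report.docx.bak",
             "archive.tar.gz", "Photo.png.zzzzz"]
    with tempfile.TemporaryDirectory() as root:
        for i, name in enumerate(names):
            sub = Path(root, f"share{i % 2}")
            sub.mkdir(exist_ok=True)
            (sub / name).write_bytes(b"constructed sample")
        return {ext: [os.path.basename(p) for p in paths]
                for ext, paths in scan(root).items()}


if __name__ == "__main__":
    for ext, files in demo().items():
        print(f"{len(files)} files renamed with {ext}: {files}")
```

Run on a schedule against shared folders, a non-empty result is a reason to isolate the affected machine and check backups before more files are touched.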

To save you the ransom money, as your IT provider, we go into red-alert mode once we encounter a virus such as CryptoLocker. With all hands on deck, we find the infection, stop it and then recover your data from backups. This process generally takes 1 business day, during which your network might be down. It’s worth mentioning that there are no removal tools for Crypto. Without the custom-built decryption key, essentially, your files need to be deleted and recovered from backups.

Unfortunately, the best remedy for ransomware is to avoid it altogether. To effectively avoid infection, you need to combine best practices for securing your network with educating your staff.

  • Train your staff to not open vague emails along the lines of “See attached my resume” with a pdf attachment labeled “Resume” or unexpected invoices from any type of sender.
  • Point out the dangers of clicking on internet advertisements.
  • Impose complex passwords.
  • Tighten local admin rights and permissions.
  • Store all your data in the cloud – not just on your computer.

These are the best ways to avoid falling prey to such a vicious and expensive pest. And if you’re uncertain, call us before you click.

Contact us with comments or concerns about the CryptoLocker-type viruses or if you need help putting together an informative document.

Crypto Not-so-Fun Facts:

  • Original Crypto (eradicated in 2014) has an estimated 500k victims.
  • 2015: Hackers booby-trap a fake Hugo Boss ad with CryptoWall.
  • Between 2014 and 2015, $18 million is reported as ransom money.
  • Intermedia conducts a survey of IT providers and finds that 72% of victims are locked out for 2 days and 32%, for 5 days.
  • 2015: Locky infects an average of 90K computers per day.
  • 2016: Hollywood Presbyterian Medical Center is asked for 200k and pays a $17K ransom.
  • 2016: University of Calgary pays $20K ransom.
  • 2016: close to a billion dollars are reported as ransom money paid.
  • A mildly savvy hacker can purchase a Crypto virus to craft efficient targeted attacks.
  • Hackers have been known to ask for more ransom money after receiving the initial sum.