Ransomware

Ransomware (CryptoLocker / CryptoWall) is a VERY serious threat!

This is malware that encrypts your most important data across networked drives (and backups), and only when the encryption is fully complete does it make itself known. It is not possible to open or use the encrypted files. You learn of it when it demands a ransom in order to unlock your data. The encryption is of the highest quality and cannot be broken. This class of malware is called ransomware, and it is the most serious kind of malware in 20 years.

Businesses may contemplate paying the ransom to the criminals, likely in Russia, but then face the prospect of never knowing what else will happen to their computers or network at a later date. Once criminals know that a business is willing to pay a ransom, the business may be blackmailed indefinitely. This works against a business that pays, because after paying the business owners realize they will do ANYTHING to keep the incident quiet, fearing, quite correctly, that the business may be damaged if its customers, vendors or the press find out.

Recovery is rarely possible, and when it is, it is time consuming and costs far more than the ransom demand. Prevention is essentially the only way. However, standard or consumer-grade anti-virus and anti-malware usually cannot catch encrypting ransomware at all, or only 2-3 weeks later, by which time it is too late to prevent infection and data encryption.

Prevention – The solution is AIR-GAPPED daily versions of backups, and changing all users to STANDARD (not Admin) users. This combination gives you a chance not to lose your data. Air-gapped means a backup destination that is not connected except while a backup is being written to it. If it stays connected, the malware will encrypt the backups as well. AND a backup solution MUST support VERSIONING, or else it is useless.
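As an added illustration that is not part of this post, the Python simulation below shows why versioning is a must: a mirror backup that overwrites in place replaces the only good copy with the encrypted one, while a versioned store still holds the pre-infection copy. The entropy-based check is an assumed defender-side heuristic that a backup job could run before pruning old versions; the file contents and paths are constructed for the example.

```python
import math
from collections import Counter

# Constructed sample data: short plaintext documents and ciphertext-like
# content (every byte value equally frequent, so its entropy is exactly 8.0).
CLEAN_FILES = {
    "docs/report.txt": b"Quarterly report: revenue up 4 percent, see attached spreadsheet.",
    "docs/notes.txt": b"Meeting notes: renew the vendor contract before the end of March.",
}
CIPHERTEXT_LIKE = bytes(range(256)) * 2

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: English text sits around 4-5, encrypted data near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class BackupStore:
    """Versioned store keeps every prior copy; a plain mirror keeps only the newest."""
    def __init__(self, versioned: bool):
        self.versioned = versioned
        self.history = {}  # path -> list of copies, oldest first
    def backup(self, snapshot: dict) -> None:
        for path, data in snapshot.items():
            if self.versioned:
                self.history.setdefault(path, []).append(data)
            else:
                self.history[path] = [data]  # mirror: overwrite in place
    def restore(self, path: str, version: int = 0) -> bytes:
        return self.history[path][version]

def suspicious_change(prev: dict, curr: dict, ratio: float = 0.5) -> bool:
    """Assumed heuristic (not from the post): most files changed, and most of the
    changed files now look encrypted; a backup job could then refuse to prune."""
    changed = [p for p in curr if p in prev and prev[p] != curr[p]]
    if not changed:
        return False
    encrypted_like = sum(1 for p in changed if shannon_entropy(curr[p]) > 7.0)
    return len(changed) / len(prev) >= ratio and encrypted_like / len(changed) >= ratio

def simulate(versioned: bool) -> tuple:
    """Back up clean files, then the same paths after mass encryption.
    Returns (original report recoverable?, backup run flagged?)."""
    store = BackupStore(versioned)
    store.backup(CLEAN_FILES)
    encrypted = {path: CIPHERTEXT_LIKE for path in CLEAN_FILES}
    flagged = suspicious_change(CLEAN_FILES, encrypted)
    store.backup(encrypted)
    return store.restore("docs/report.txt") == CLEAN_FILES["docs/report.txt"], flagged
```

`simulate(True)` recovers the original report and flags the run; `simulate(False)` flags the run but the mirror has already lost the clean copy.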

More sophisticated methods use an Intrusion Detection / Prevention service, which must include onsite hardware connected to a service that aggregates 40+ different anti-malware tools, including “zero day” algorithms, plus inbound and outbound Intrusion Detection and Prevention tools that scan 2500+ times a day and update constantly. Software as a service in the cloud processes and correlates thousands of outgoing as well as incoming traffic flows, and implements zoning, blocking, or ultimately shut-down methods. Optionally, a managed service provider specializing in IDS, IPS and event correlation might oversee it.

If you think you have an operable defense against CryptoLocker, let me send you the latest version of the live virus, and see if your current system even notices it. (Of course, this is high risk, but it is manageable if done in a sandbox by professionals.)

If you are a business with 10+ users connected to the Internet and have a concern about this, call me at 925-462-8700. Send an NDA first to alan@tech-coach.net if you wish this to be in legal confidence.

Sorry, time does not permit helping individuals with CryptoLocker issues.

Alan