Ryan Bush

CryptoLocker is one of the more infamous examples of the class of malware now known as ransomware. Ransomware is Trojan-style malware: it arrives disguised as something legitimate, and once it runs it encrypts every document and data file it can find that looks like it might be of value. It works through the computer's own hard drive and then any connected drives it can reach, which can include a company's server files if a share is mapped on the infected device. Malware of this kind has existed since the late eighties, but it regained prominence in 2013 when Bitcoin was added to the ransom formula.

After the ransomware encrypts the user's files, the user is prompted to pay a fee to obtain the decryption key from the attacker. The attack often uses scare tactics, such as a fake warning from a law enforcement agency, to pressure the victim into paying quickly. Earlier ransomware demanded payment in conventional currency (United States Dollars) through channels, such as prepaid payment vouchers, that could be tracked. Bitcoin gave the attackers a new degree of anonymity: payments are pseudonymous, and although every transaction is recorded on a public ledger, the receiving wallet is not tied to a verified identity and the funds cannot be frozen or reversed the way a bank transfer can. Adding Bitcoin to the ransom formula led to a sharp increase in the amount of ransomware being used against computers. Despite the number of attacks, there have been very few accounts of file recovery without the key: when the malware's cryptography is implemented correctly, no countermeasure short of restoring from backup gets the data back.

The attackers demand money in return for a promise to provide the decryption key, but there are many accounts of victims paying the ransom and never receiving the key. Unfortunately for the victim, the ransomware does not only encrypt the active files: CryptoLocker also deleted the Windows Volume Shadow Copies, which removes the operating system's built-in ability to restore previous versions of the data on the device, and some variants go further and damage the boot record so the computer cannot even be restarted after the attack. Paying is therefore no guarantee of recovery, and the only reliable way to get the data back after a ransomware attack is from an offsite backup the malware could not reach.

Offsite backup gives users a third-party storage location for their important data that can be restored in the event of an attack, and off-the-shelf products designed to back up data in case of a system failure are a good way to get there. Because the backup lives outside the machine, the malware cannot encrypt it directly. There is an important caveat for off-the-shelf backup programs, though: most of them simply copy whatever is on the disk, typically once a night, so if the encrypted files are backed up before the infection is noticed, the backup now holds the encrypted versions and the clean copies may have been overwritten. That is why many businesses are opting for a more customized approach that keeps monthly, weekly and daily backups side by side, so that images and copies of the data exist from several points in time and a clean copy survives even if an attack goes undetected for days or weeks. The backup location should also be one the computer cannot write to as an ordinary drive; a mapped backup drive is just another connected drive as far as the ransomware is concerned.

If a computer with offsite backup becomes infected, first disconnect it from the network immediately (wired and wireless); this stops the encryption from spreading to shared drives and stops the backup agent from uploading encrypted files over the clean copies. Then have a professional wipe the computer and reinstall it clean. Finally, reconnect the wiped computer to the backup service and restore the data from a snapshot taken before the infection. It is very important that the computer is wiped clean, because a surviving copy of the malware would simply encrypt the restored data again. Do not forget to educate employees to be vigilant about clicking hyperlinks in emails they cannot positively trace to a trusted source. Ransomware often arrives disguised as a file being shared by a third party the user knows and trusts (hence the term Trojan), so when there is any doubt, call the sender and verify a document-share link before opening and executing the file.
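To make the two points above concrete (why daily-only retention loses the clean copy when an infection goes unnoticed, and why the restore step should check the snapshot before using it), here is an added Python example; it is not code from the original post or from e-vos. It builds a constructed daily snapshot history in which an infection goes unnoticed for ten days, applies a daily-only retention policy and a daily/weekly/monthly one, and then picks the newest retained snapshot whose files do not look encrypted. The dates, file names, file contents, the entropy threshold and the retention parameters are all assumptions for the demonstration, and the "encryption" is a seeded XOR keystream standing in for the malware's real cipher.

```python
"""Backup retention plus a pre-restore sanity check for ransomware recovery.

Added example; this is not code from the original post or from e-vos.
It assumes a backup service that keeps one snapshot per day and lets
you choose which snapshots to retain.  All dates, file names and file
contents below are constructed for the demonstration.
"""
import math
import random
from datetime import date, timedelta


def retained_snapshots(snapshot_days, today, daily=7, weekly=4, monthly=3):
    """Grandfather-father-son retention (parameters are assumptions).

    Keep every snapshot from the last `daily` days, one per week (the
    Sunday snapshot) for `weekly` weeks, and one per month (the 1st)
    for roughly `monthly` months.  Returns the set of dates retained;
    everything else would be pruned by the backup service.
    """
    keep = set()
    for day in snapshot_days:
        age = (today - day).days
        if age < 0:
            continue  # a snapshot dated in the future is a clock problem, skip it
        if age < daily:
            keep.add(day)
        elif day.weekday() == 6 and age < 7 * weekly:
            keep.add(day)
        elif day.day == 1 and age < 31 * monthly:
            keep.add(day)
    return keep


def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_encrypted(data, threshold=7.2):
    """Heuristic: ciphertext is indistinguishable from random bytes, so its
    entropy sits near 8 bits/byte, while text and office documents sit far
    lower.  Caveat: already-compressed formats (zip, jpeg, pdf streams) also
    score high, so pair this with a magic-bytes check or with file hashes
    compared across snapshots on a real restore.  Threshold is an assumption.
    """
    return shannon_entropy(data) >= threshold


def newest_clean_snapshot(snapshots, retained):
    """Newest retained snapshot in which no file looks encrypted, or None.
    This is the check to run before pointing a restore at a snapshot."""
    for day in sorted(retained, reverse=True):
        if not any(looks_encrypted(blob) for blob in snapshots[day].values()):
            return day
    return None


def build_history(today, infection_day, days=120):
    """Constructed backup history: one snapshot per day of a single document.

    From infection_day onward the backup agent sees the ransomware's output
    instead of the document.  A seeded keystream XORed over the plaintext
    stands in for the real malware's encryption; statistically the result
    is the same thing the agent would see (uniformly distributed bytes).
    """
    clean = b"Quarterly invoice list: ACME Corp, 12 items, net 30 days.\n" * 40
    rng = random.Random(2013)
    ciphertext = bytes(p ^ k for p, k in zip(clean, rng.randbytes(len(clean))))
    history = {}
    for i in range(days):
        day = today - timedelta(days=i)
        history[day] = {"invoices.txt": ciphertext if day >= infection_day else clean}
    return history


def recoverable_snapshot(today_iso, infection_iso, daily=7, weekly=4, monthly=3):
    """Run the scenario end to end.  Returns the ISO date of the newest clean
    retained snapshot, or None if retention already threw the clean copies away."""
    today = date.fromisoformat(today_iso)
    infection_day = date.fromisoformat(infection_iso)
    history = build_history(today, infection_day)
    retained = retained_snapshots(history.keys(), today, daily, weekly, monthly)
    found = newest_clean_snapshot(history, retained)
    return found.isoformat() if found else None


if __name__ == "__main__":
    # Constructed scenario: infection on 21 March 2014, noticed ten days later.
    print("daily-only retention: ", recoverable_snapshot("2014-03-31", "2014-03-21", 7, 0, 0))
    print("daily+weekly+monthly: ", recoverable_snapshot("2014-03-31", "2014-03-21"))
```

Run as-is, the daily-only policy returns None, because every snapshot it still holds was taken after the infection and contains only encrypted files, while the tiered policy returns the Sunday snapshot from before the infection. The entropy heuristic is only a tripwire: legitimately compressed files score high as well, so on a real restore compare it with file hashes across snapshots or with the expected file headers, and restore onto a machine that has been wiped first.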

For more information on how to keep your data safe, contact e-vos at (843) 410-0050 or info@e-vos.com!