CryptoLocker Ransomware Cyber Attack
Ransomware is a kind of malware that withholds digital assets (mostly the user's data) from its victims and demands payment for their release. Ransomware could be the best reason yet to use cloud data storage systems. Over the past several weeks, many Windows users have been infected by the CryptoLocker malware, which encrypts your files until you pay a ransom. US-CERT has reported that the primary means of infection is phishing emails containing malicious attachments, but the malware can also be delivered by malicious web sites that exploit outdated browser plugins.
Removing CryptoLocker is not complex, but the real problem is that all your important files will remain encrypted and useless until you pay the ransom. Furthermore, some victims have claimed that they paid and did not receive the promised decryption key. CryptoLocker can find and encrypt files located on shared network drives, USB drives, external hard drives, and network file shares. The ransomware then connects to the attackers' server, where it deposits the private encryption key. Files are encrypted using strong asymmetric encryption. CryptoLocker asks you to pay a $300 ransom using MoneyPak or Bitcoins within 3-4 days to get your computer's functionality back. If you don’t pay, it will delete your encryption key and you will not have any way to decrypt your files.
Users can get their files back only by restoring from an external backup or a shadow copy, so using cloud storage to back up your important data can prevent damage from CryptoLocker and similar ransomware threats. In addition, the attackers have recently launched a Russia-based hosting web site that allows victims to purchase the key for their encrypted files. Most antivirus companies have released updates that let their users detect CryptoLocker and remove the registry keys required to show the ransom payment screen. The attackers therefore launched the decryption web site so that they can still be paid for the encryption key to an infected user’s files.
To protect computers and local networks from ransomware infections you can take common preventative measures:
- do not follow web links or submit any information in response to suspicious e-mail messages, and handle e-mail attachments safely
- use up-to-date anti-malware software
- perform regular backups of all critical data to off-site servers or use cloud data storage offers
- regularly patch your operating system and applications
- use IDS and firewalls to detect malicious activities
- use authorization for shared drives
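One way to act on the detection and backup advice above, shown as an added example that is not part of the original article: a Python script that flags files whose content no longer matches their extension, which is what encryption by CryptoLocker-style ransomware leaves behind on a drive or share. The signature table, the entropy threshold and all function names are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Leading bytes expected for common document types (well-known file signatures).
MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
}
PLAIN_TEXT = {".txt", ".csv", ".log"}   # no signature; judged by entropy instead
ENTROPY_LIMIT = 7.5                     # bits per byte; assumed threshold

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext, far lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(path: str, sample_size: int = 65536) -> bool:
    """True if the file content no longer matches what its extension promises."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if ext in MAGIC:
        # Compressed formats are high-entropy anyway, so check the signature.
        return bool(head) and not head.startswith(MAGIC[ext])
    if ext in PLAIN_TEXT:
        return shannon_entropy(head) > ENTROPY_LIMIT
    return False  # unknown type: not enough information to judge

def scan(root: str) -> list[str]:
    """Walk a directory tree (e.g. a mounted share) and list suspect files."""
    suspects = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            try:
                if looks_encrypted(full):
                    suspects.append(full)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return sorted(suspects)
```

Running `scan()` over the backup source before each backup job helps avoid replacing good copies with encrypted ones.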
Backup on the cloud
Key benefits of cloud backup are lower costs, shifting of risk mitigation to the service provider, flexibility and agility, improved data protection, and ease of use. Through cloud backups, small businesses can build recovery solutions without investing in hardware and software licensing. They can easily store their data on remote servers, with the vendor's additional redundancy included, and protect themselves from ransomware and similar threats.
By Darko Androcec