Just imagine… You come into the office early to start work, you go to open your files and oh dear! The file you are trying to access is encrypted. You don’t know how it happened, but you can’t access your data. You ask a colleague to try the same file and they can’t open it either. You try another file and it’s the same problem.
The next step is to call your IT support provider to report the problem. They look into it, diagnose the issue and inform you that you have been subject to a ransomware attack and you are infected with CryptoLocker.
This scenario is unfortunately becoming more and more common, and there have recently been a number of high-profile attacks involving CryptoLocker. The problem with CryptoLocker is that what it does, encrypting files, is in itself a perfectly legitimate operation, and so it is difficult to prevent.
CryptoLocker (and variants of it) works by encrypting the files that it can see. Encrypting files is perfectly legitimate and, providing you have the encryption key, you can decrypt the data and read it. The problem with CryptoLocker is that you don’t hold the decryption key; the perpetrators of the crime do. If you don’t have the decryption key, then the data is gone – you cannot get it back!
CryptoLocker is described as ‘ransomware’ because the people who have encrypted your data have done it for financial gain: they want your money! They want you to pay them for the decryption key, which, by the way, might not work! Not only that, but how much will they charge you for the key? Where do the proceeds of this enterprise go? How is the money used?
Prevention, Better than the cure
Clearly, preventing CryptoLocker is better than resolving the issue once it has struck. However, this is difficult, as the variants of it get more sophisticated and more intelligent. Some simple steps to protect your business and your data are:
- Passwords – Ensure there are no weak passwords in use on your IT network. Criminals try to ‘crack’ these passwords, so the more complex they are, the more difficult they are to crack. They crack your passwords to deploy CryptoLocker on your network.
- Firewall – Make sure you have an adequate firewall in place and that the software running on it is up to date. Criminals will look for easy targets; a good, well-maintained firewall helps protect your data and your business from hacking and attacks.
- Email Filtering – Lots of variants of CryptoLocker come in via email attachments or links which are then clicked. Ensure you have adequate email filtering in place to stop these emails (although a lot still slip through these filters).
- Website Filtering – Restrict access to websites which could potentially contain CryptoLocker. A filtering solution to stop access to inappropriate sites is good practice and will help protect you.
- Antivirus – Should be installed on every machine and should be up to date. This provides a level of protection.
- Be Vigilant – Above all, a CryptoLocker infection is usually caused by someone clicking or opening something they shouldn’t have. If you get an email or a file that you don’t recognise or aren’t expecting, don’t open it.
If you are unfortunate enough to be struck by CryptoLocker, there are only 2 options: the first is to pay the ransom, and the second is to resort to your backup. Needless to say, we believe that every client should revert to backup. This highlights the importance of a good backup that you know works and that you can restore from. Are you in a position to answer the questions below?
- Are you sure all of your data is backed up?
- How often is the data backed up?
- What time is the data backed up?
- How out of date could my backup be?
- How is the data backed up? Tape? Disk? Cloud?
- Are you sure the backup works?
- When did you last test the backup?
- How long would it take to recover the data?
- What would the impact be if you were hit by Cryptolocker?
There are lots of backup solutions on the market, ranging in price and functionality. The old adage of ‘you get what you pay for’ is never truer than when it comes to backing up and protecting your data. At a minimum, you should really test that backup; after all, that data is your business.