UK NCU Alert for Cryptolocker
The newly formed UK National Cybercrime Unit (NCU) recently put out an alert about Cryptolocker, a particularly nasty piece of so called ransomware.
Cryptolocker is a form of Trojan that typically arrives as an email attachment, or if you already have malware on your PC may be able to self install at anytime via a Botnet feed. Whether you mistakenly run the file thinking it is something innocent, or it manages to self install the results then are extremely destructive.
The payload of Cryptolocker is that it encrypts the data on your PC, doing so with an extremely high security encryption that effectively makes all your data unreadable. The security deployed by Cryptolocker is so good that it is deemed unbreakable, period. There are no known back doors.
Once your files have been encrypted, Cryptolocker starts a countdown timer, giving you just a few hours to pay a ransom. After the timer expires the secret server hosting your “personalised key” will destroy it – at this point your data is lost permanently. Would you get your files unlocked if you did pay the ransom? We don’t know, but the advice from the NCU is to not pay and instead insure you have taken sensible precaution against Cryptolocker.
Fortunately combating Cryptolocker is not too hard. eClarity can provide their Sophos antivirus product, which is able to detect the attack and also remove existing backdoor botnets from your systems. We can provide application layer firewalls that can scan attachments and block malware before it enters your network. Of course, we advise clients about backup solutions too as these are ultimately your last line of defence. If you are unfortunate enough to have your data encrypted you want to know there is a robust backup in place. Oh, forget most cloud backup solutions too as these will happily take the new encrypted file from your PC and overwrite the original.
Do remember, your systems are only as secure as your weakest link, this may in many cases be your own staff! Training and awareness is extremely important, an effective security solution cannot be achieved unless a holistic view is taken. The single most important action you can take is to NOT open files from any source if you are not expecting them.