A Disaster Averted—Our Battle With Cryptolocker

Introduction

Recently, we received a call from a client reporting that his “PC was acting weird”. Our customer was having trouble opening files and the ones he was able to access appeared to be gibberish. He was going to a meeting and asked us to look into it while he was away.

Lucky he called, because we soon realized that our client’s PC was under attack by Cryptolocker!

Cryptolocker is a form of ransomware which is now all the rage in the criminal underworld. The virus is usually contracted when a victim clicks on an infected link delivered via spam or spoofed emails. Once the victim clicks the infected link, their files are encrypted and held for ransom.

Immediate action saved the day!

Once our tech realized what was happening, he immediately gave the remote command to shut down the workstation and disconnected it from the network. Good thing he did—because a check of the server showed that Cryptolocker had already begun encrypting files in a very large directory, but because of its size was taking some time to complete. This particular directory contained files critical to the business. Shutting down the infected PC stopped the Cryptolocker attack, saving the server.

Files in the affected folder on the server were quickly restored from a recent backup and our client’s network was up and running within an hour. Unfortunately, the hard drive on the PC was totally encrypted and couldn’t be saved. In the scheme of things, a small price to pay.
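The early-warning sign in this story was a file share filling up with files that "appeared to be gibberish". The following script is an added example, not code from the original post or from XSolutions, of one cheap check a defender can run against a share: flag files modified within a recent window whose contents are near-random (high Shannon entropy), which is what freshly encrypted files look like. The sample share it scans is constructed inline (a readable memo plus one file overwritten with random bytes to stand in for an encrypted document); the entropy threshold and the 65 KiB sampling size are assumptions chosen for the demonstration.

```python
import math
import os
import tempfile
import time
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.2   # bits per byte (assumed cutoff); encrypted data approaches 8.0
SAMPLE_BYTES = 65536      # only read the head of each file to keep the scan cheap


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input, 8.0 at most)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path, threshold: float = ENTROPY_THRESHOLD) -> bool:
    """Heuristic: a file whose leading bytes are near-random is compressed,
    encrypted by design (e.g. a zip or an office document), or freshly
    scrambled by ransomware. On its own this is noisy; it becomes useful when
    many such files appear in a short window."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    return shannon_entropy(head) >= threshold


def recently_scrambled(directory: Path, window_seconds: int = 3600,
                       threshold: float = ENTROPY_THRESHOLD) -> list[str]:
    """Return names of files under `directory` that were modified within the
    window and now look encrypted. A sudden burst of hits on a business share
    is the signal that, in the incident above, justified pulling the PC."""
    cutoff = time.time() - window_seconds
    hits = []
    for p in sorted(directory.rglob("*")):
        if p.is_file() and p.stat().st_mtime >= cutoff and looks_encrypted(p, threshold):
            hits.append(p.name)
    return hits


def build_sample_share() -> Path:
    """Constructed sample data (not from the original post): a plaintext memo
    that reads normally and a spreadsheet overwritten with random bytes,
    standing in for a file that Cryptolocker has already encrypted."""
    share = Path(tempfile.mkdtemp(prefix="sample_share_"))
    (share / "notes.txt").write_text("Quarterly figures and meeting minutes.\n" * 200)
    (share / "budget.xlsx").write_bytes(os.urandom(8192))  # simulated encrypted file
    return share


def demo() -> list[str]:
    """Scan the constructed share; only the scrambled file should be reported."""
    return recently_scrambled(build_sample_share())


if __name__ == "__main__":
    for name in demo():
        print(f"suspicious: {name}")
```

Because legitimately compressed formats also score high, a production monitor would alert on the rate of new high-entropy files per user or per share rather than on any single file, and would pair the alert with an automated action such as disabling the writing account's session, the manual equivalent of what the technician did here.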

Managed IT Services was key to a quick recovery

Because our client’s network was managed, we were intimately familiar with their systems, files and IT environment. Our experienced technician knew what to look for and was able to quickly remote into the PC and immediately shut it down before the ransomware had a chance to do more damage.

Those businesses using break-fix vendors for IT support are at a disadvantage. Break-fix vendors only make money when a client calls to report a problem and therefore are not as familiar with their customer’s entire network. They also charge by the incident and emergency calls command premium prices.

Managed Services, on the other hand, emphasizes ongoing, scheduled maintenance to reduce problems by resolving small issues when detected before they become big problems later on. A Managed Services Provider (MSP) like XSolutions becomes intimately familiar with a client’s network because they work on it every day. Since services are under contract, MSPs actually lose money when systems go down and extra resources are needed to bring them back online. In this situation, our client didn’t incur any additional charges—it was all covered.

For protection against Cryptolocker, you need a silver bullet

The incident above certainly shows the advantage of Managed IT Services over break-fix support. If our client hadn’t called us immediately upon noticing a problem, Cryptolocker would have had the time to completely encrypt the server. We congratulate our customer for his quick action.

Had the files on the server become fully encrypted, the entire network would have been down for a minimum of one to three days with the current data backup system in place. That’s because data backup systems save only data, not operating systems, server settings, security settings and source programs, which pushes time-to-recovery out by days to weeks.

On the other hand, a Business Continuity Solution is the most effective way of neutralizing the Cryptolocker threat. Here’s why:

  • Business Continuity Solutions take snapshots or complete pictures of servers and/or high-value workstations, including the operating system, source programs, settings, etc., making restorations much faster and reducing recovery time to minutes and hours.
  • Complete snapshots are saved to a local, onsite device for fast restores as well as to two geographically dispersed data centers in the cloud. This is commonly referred to as a Hybrid-cloud solution.
  • Business Continuity Solutions are managed by expert Managed Services Providers (MSPs) like XSolutions, monitoring and maintaining systems to ensure they are ready to go at a moment’s notice—and when tragedy does strike, we’re there to assist in the recovery.

If your business cannot tolerate downtime for more than a few hours, then you need a Business Continuity Solution in place. So far, this is the most effective way of recovering from a Cryptolocker attack—other than paying the ransom.

Conclusion

The Cryptolocker family of ransomware is bringing untold millions of dollars into cyber-crime syndicates around the world. Each day, links infected with variants of this insidious virus are blasted to millions of businesses and individuals via SPAM emails. Currently, this type of virus has a very low detection rate by the anti-virus programs on the market today.

Here is a statistic to remember:

70% of Small-to-Medium Size Businesses (SMBs) fail within one year of a catastrophic data loss. (Source: Disaster Recovery Preparedness Benchmark, “The State of Global Disaster Recovery Preparedness”, Annual Report.)

Make no mistake about it. Losing all of your data to Cryptolocker can cause irreparable damage and can literally put you out of business.

To protect yourself, first change your mindset. Stop thinking about data backup and start thinking about Business Continuity. Your livelihood and those of your employees depend on it.


Joseph Imperato Sr. is the Managing Partner for XSolutions Consulting Services, a Managed Services Provider (MSP) delivering Computer Support, Business Continuity, Cloud Services, and IT Consulting to New York, New Jersey, and Connecticut businesses. Call us at (845) 362-9675 and see how we can help your company.