Cyber-criminals have made the CryptoLocker family of ransomware into a major underground profit center. An article on the Heimdal Security blog discusses at length the new CryptoLocker variant—CryptoWall 4.0 that is even more dangerous and virtually undetectable than its sibling, CryptoWall 3.0.
Like CryptoLocker, CryptoWall 4.0 encrypts your data but with an added twist—it also encrypts file names as well, causing mass confusion among its victims and increasing pressure on its targets to pay the ransom or lose their data forever. Ransom is usually paid in the untraceable internet currency, Bitcoin.
CryptoWall 4.0 is spread principally through spam emails with infected links and drive-by-download attacks. Drive-by-attacks occur when a user visits or is redirected to an infected website which automatically downloads malware onto the victim’s computer. Unfortunately, antivirus detection rates are extremely low making it impossible to know you’re infected before it’s too late.
Once infected, victims can only access their files by either restoring their systems from the most recent clean backup or pay the ransom and hope that the cyber-criminal sends the decryption key.
Take these steps to protect yourself and your business:
- Make sure you backup your systems. IT Business Continuity solutions will allow you to recover from a CryptoWall attack within minutes versus a data backup system with recovery times usually measured in days to weeks.
- Do not open emails from anyone you do not know and NEVER click on any links they contain. Send spam emails to the trash immediately without opening them.
- It goes without saying, but I’ll say it anyway—do not download or open any email attachments unless they are from an absolutely trusted source.
- Keep your systems and third party software fully up-to-date.
- Be mindful of the websites you visit. Drive-by-attacks are increasing.
Unfortunately, the CryptoLocker family of malware is not only here to stay but is thriving. As we speak, cyber-criminals are morphing new generations of the malware, making it extremely difficult for cyber security experts to fight.
Users need to be proactive in protecting themselves and above all, make sure your IT systems are frequently backed up and that the backups are viable.
If you do not take proper steps to protect your business, you run the risk of getting infected, paying a large ransom to get your data back and then relying on the goodwill of a criminal to keep his or her word and actually send you the decryption key. Good luck with that!
XSolutions is a Managed Services Provider (MSP) and provides 24/7/365 remote monitoring, scheduled workstation and server maintenance, Help Desk Services, Business Continuity Solutions, Cloud & Hosted Services and IT Consulting. Call us at (845) 362-9675 and see how we can help your company.