Service providers report that the CryptoLocker ransomware has temporarily crippled some small business owners in recent weeks.
When a computer gets infected, CryptoLocker encrypts all the user’s files on it and attempts to extort payment for the decryption key.
The ransomware can also target a victim’s online or local networked backup. So far, at least one firm has been forced to pay the ransom, though most victims were able to recover their files from a recent backup.
“Once a client’s systems are infected it only takes a short time before they pick up the phone to request help”, stated David Senseman, president of Cincinnati-based Integrity Solutions Group, a managed service provider whose clients are mainly dental industry offices and clinics.
“The threat can spread to other connected systems”, Senseman said.
“It’s been a process of wiping their drives and restoring and reloading their data,” Senseman continued. “We advocate a multitiered approach to backup, so our affected clients were able to recover their systems from a recent backup.”
CryptoLocker has been called one of the most menacing threats of 2013. It emerged in September and spread across the globe, infecting systems in Europe, the USA and Asia. According to security experts, ransomware attacks have grown significantly since 2013.
Ransomcrypt, which appeared in 2009, uses a less complex encryption scheme. In fact, an even earlier version called Gpcoder also used a weaker encryption scheme when it was first detected in 2005. Other versions of ransomware usually lock computer screens, and tech-savvy victims or system administrators can take steps to bypass the lock and remove the infection.
Security vendors recommend that organizations educate their users about the risks of opening email attachments and clicking on links in email.
“In addition, organizations should have a patch-management strategy to ensure that endpoints maintain up-to-date software”, said Neil Butchart, vice president of North America at a patch management vendor.
According to Butchart, operating system software, core applications and third-party programs should be maintained and updated. Important data should also be backed up.
Because the malware also encrypts some cloud-based backups, security experts recommend that businesses maintain an offline backup, which is a standard industry best practice.
“Despite an increased focus on CryptoLocker and other malware threats, attacks are designed using social engineering tactics to trick people into browsing to a malicious website or opening a file attachment”, stated chief security strategist Don Gray.
Gray also added that his firm has seen people at companies with strong security cultures get tricked by a phishing attack.
“Cybercriminals are increasingly turning to blogs and social networks to design convincing messages for their targets”, Gray claimed. “It shows that people are at the weak point; we’re human and fallible,” he concluded.