Cryptolocker, Ransomware, Encryption, Oh My!

“I don’t know how it happened.  But now my computer is saying I need to pay $300 to get my files back.”  Millions of dollars have been ransomed.

I’m sure many of you know someone who has been asked to pay a ransom to get their encrypted files back. It has happened often enough that most people know of a neighbor, relative or friend who has been hit.

The original and most famous variant was Cryptolocker, but now there are all sorts of variants trying to take your money in return for giving back your files.

Originally it only arrived as an email attachment. Slyly disguised as something like a shipping notification, it was installed on the machines of those who unwittingly opened those attachments.

Now the stakes are higher.  The attacks are coming from many directions and the ransoms are more costly.

The more recent versions can be downloaded unwittingly, simply by VISITING a website that serves malicious code. For example, Yahoo for a period had its ads compromised. The website itself was fine, but the ad broker, for example, may have been given a bait and switch by those who bought the ad space. Large ad brokers can’t certify every ad every time, so it isn’t hard to imagine how it got through.

BUT security holes in Java and Adobe Flash, many users who don’t understand the ramifications of NOT updating that software, and the default settings of many internet browsers have together led to malware being downloaded and compromising your day-to-day data.

Originally this ransomware only encrypted your Word and Excel files. Now a whole host of file formats is targeted, AND it reaches out to network shares. For example, there is a new variant which encrypts whatever it can find shared on the network, attempting to encrypt EVERYTHING the infected user has permission to access.
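Checking a share for files whose contents have been replaced with encrypted data is one way to catch this kind of spread early, and it is also a good reason to give each user write access only to the shares they actually need. The following is an added example, not code from the original post: the share paths and file contents are constructed, and the entropy threshold and the list of known document headers are assumptions.

```python
import math

# Magic bytes of common document formats that are high-entropy by design
# (zip-based Office files, PDF, JPEG); these must not be flagged on entropy alone.
KNOWN_HEADERS = (b"PK\x03\x04", b"%PDF", b"\xff\xd8\xff")
ENTROPY_THRESHOLD = 7.5  # assumed cutoff in bits per byte; plain text is usually 4-5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(data: bytes) -> bool:
    """True when the content is near-random and carries no known document header."""
    if data.startswith(KNOWN_HEADERS):
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def scan_share(files: dict) -> list:
    """Return the paths whose contents look encrypted, sorted for stable output.
    `files` maps share path -> file bytes (a real run would read them from disk)."""
    return sorted(path for path, data in files.items() if looks_encrypted(data))


# Constructed sample share contents; no real files are read.
_random_like = bytes(range(256)) * 16          # entropy exactly 8.0 bits/byte
SAMPLE_SHARE = {
    "//fileserver/finance/report.txt": b"Quarterly figures: revenue up 4% year on year.\n" * 40,
    "//fileserver/finance/budget.xlsx": b"PK\x03\x04" + _random_like,   # zip-based, legitimate
    "//fileserver/finance/notes.docx.locked": _random_like,             # renamed and encrypted
    "//fileserver/finance/readme.txt": _random_like,                    # encrypted in place
}

if __name__ == "__main__":
    for path in scan_share(SAMPLE_SHARE):
        print("possible ransomware activity:", path)
```

Run against a real share, the same check over a periodic listing catches files overwritten in place (same name, now random content) that an extension-only rule would miss.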

We witnessed one group get hit by it.  They were doing a very specific Google search in their industry.  They clicked on the link, but it was a bad website and they got infected.  And it ran simply because they had elevated permissions to run programs on their local machine.  Without good backups, their data would’ve been as good as gone.

Concerned about Cryptolocker?  Give us a ring; we have a security protocol which greatly reduces the risk of getting hit by this.

It’s a war out there.  Make sure you are fully equipped.