Thursday 24th September 2015
URGENT VIRUS THREAT INFORMATION
There has been a significant rise recently in the number of businesses caught out by the “Cryptolocker” family of ransomware. Cryptolocker is very dangerous as it is not a traditional virus and may be missed by your virus scanning software. Many viruses will cause you some minor inconvenience by locking up your computer, displaying unwanted popups or turning your computer into a spambot. These issues can be overcome. However, this new breed of malware has forced us to re-think how we look at viruses and disaster recovery.
Cryptolocker is a program classified as “ransomware”. Ransomware will lock up your computer and ask that you pay a fee before you can resume normal operation. Most of these programs can be removed without paying the fee; however, Cryptolocker is different. This ransomware will display a message on the screen but will let you continue working. A timer will count down (typically for 72 hours), after which it is too late to recover your data.
In the background, Cryptolocker encrypts your Word files, spreadsheets, images and PDF documents on your PC and throughout your network. You must pay the authors of the software a fee of up to US$300 to decrypt your files. The encryption uses a known, strong, standard algorithm called RSA-2048. This is thousands of orders of magnitude more powerful than the encryption used when you access your bank account. With the computing power of today’s standard desktop PC, finding the key that will unlock files encrypted with Cryptolocker will take a little over 6.4 quadrillion years.
How do you get infected with Cryptolocker?
Unfortunately, it is very easy to get this ransomware on your computer and network. It generally spreads via a hoax email disguised as a complaint letter or perhaps an invoice to the business, with an Excel or PDF-looking document attached. Only open email attachments or click on links from trusted sources, and be extra vigilant about spotting informal email addresses that look suspicious. Infection is also possible by visiting compromised or malicious websites. When either of these is clicked on, the ransomware installs itself and encrypts your files. So, when you see the above screen or similar, it is too late.
What can you do to protect yourself from this ransomware?
You can pay the ransom each time you are infected. According to the articles documenting this ransomware, in most cases paying the ransom will decrypt your files and you can get your data back.
You can also recover your data from a backup. This means you will need to ensure you have a disaster recovery plan in place that will allow recovery of all of your critical files. Backup and disaster recovery are generally only worried about once you have had a problem; by then it is too late.
As backup and disaster recovery can be hard to manage, please speak to a member of our support team on 0131 556 0555 who can help ensure your system is backed up appropriately. We have recently added Data Vault, a cloud backup solution, to our suite of backup products.
Use an antivirus product and ensure it is kept up-to-date (even though this particular ransomware has successfully bypassed many trusted anti-virus products). If you have any concerns over your virus protection, contact our support team immediately. Keep your systems patched and up to date. If you don’t have time to keep your systems up to date, we can help you with this.
To ensure you can recover if you are infected by Cryptolocker, at the very minimum you must ensure your backup and disaster recovery solution covers your entire business. If your disaster recovery solution is inadequate, you must either trust that paying the hijackers US$300 will actually recover your data, or prepare to redo all of the documents on your system.
We strongly advise that you follow our recommendations to protect your practice management system and your business critical data.
May we remind you that as part of your contract, your technical support fee does not include the removal of any form of virus that may infect your computer system and that any such work we are required to do in the event of an infection will levy additional charges.
Should you have any queries regarding Cryptolocker or the general security of your data, contact us on 0131 556 0555 and a member of our team will help.