by Scott Lewis
Just when we thought we had it under control, it’s back! The new strain is even tougher to stop than the old one. The first round of cryptolocker virus, a type of ransomware, infected millions of computers around the world and cost consumers hundreds of millions of dollars in ransom fees, lost productivity, lost opportunities and recovery fees. Just as a reminder: The crypto virus typically comes in through email, encrypts your files and then requires you to pay a fee in order to unlock the files if you don’t have a backup of your files to restore them.
This new strain of crypto is spread in a multitude of ways: phishing emails, fake application updates, malicious Internet ads that in most cases are on legitimate websites. This strain comes across in ways that make the typical user unaware that he is about to launch a virus that potentially will shut down his company until the restoration process is complete. It will come in disguised as a fax notification, voice mail notification or Dropbox link to a zip file.
Many of us are using services such as Dropbox; however, these types of file-sharing programs have now become a primary source to spread this new version of the crypto virus.
One of the most common questions I get is: How does a crypto virus work? The first step is the virus always finds a way to get the end user to execute the files required through an executable file. At that point, what is called an exploit kit is installed on the victim’s computer. This is actually a hacker-type tool that searches for variabilities such as unpatched versions of Java, Flash, IE and multimedia programs. Once the exploit kit is installed, it typically takes about 24 hours for the CryptoWall to download and install on your system and start to encrypt your files.
Once your files have been encrypted, you will get a link to a TOR (anonymous routing) site, which is where you will pay the ransom. If not done within a specific time, this can double or triple in cost. Cybercriminals have started using bitcoin as a method of payment because it is basically untraceable currency.
Once you’ve paid, you will receive a link to a CryptoWall Decrypter site that will walk you through unlocking your files. Keep in mind that paying this ransom in no way guarantees that your files will be unlocked – we have seen this process work, and we have seen this process fail.
The big question is: How do we protect ourselves? Well, in all honesty, there really is not a good way to protect yourself. Of course, we all think there is, but the reality is we are all vulnerable to crypto viruses. However, there are some steps you can take to minimize the impact of a crypto virus.
• Eliminate administrative rights on the local workstations.
• Block Internet traffic from fraudulent IP addresses.
• Keep anti-virus software on the current versions and current signatures.
• Educate users to click with caution.
• Don’t click on emails if you don’t know the sender.
• Make sure you have patched and updated your systems.
• Most important, back up, back up and back up.
How big is this problem? PCWorld estimates that more than 600,000 computers were held hostage and more than 5 billon files were infected and earned their creators more than $3 million in ransoms in nine months. Most anti-virus manufacturers and security experts list crypto and ransomware viruses as their No. 1 threat in 2015. The United States has the highest level of infection at slightly more than 40% of the reported crypto infections. Keep in mind that most companies are not reporting the infections to law enforcement, so the actual numbers are likely much higher than estimated.
The crypto virus is going to continue to be a thorn in the side of business and personal computers for the foreseeable future. It is an intelligent, learning virus, and because of its signature and deployment methods, we all have to take a very vigilant approach to educating our users and employees on best practices related to how the virus is transmitted.
Scott Lewis is the President and CEO of Winning Technologies Group of Companies. The Winning Technologies Group of companies is an international technology management company. Scott has more than 30 years of experience in the technology industry, is a nationally recognized speaker on technology subjects such as Collocation, Security, CIO level Management, Data and Voice Communications and Best Practices related to the management of technology resources. Learn more about Winning Technologies at www.winningtech.com
Submitted 7 years 265 days ago