What is Ransomware/CryptoLocker?
on 01/10/2014 00:00:00

How much would you be prepared to pay if your data were held hostage? This might sound like the plot from a Hollywood film but it's a question many users are facing every day thanks to inadequate virus protection.

Ransomware presents a serious threat to business data, as it can lock access to files until the victim pays the attacker. It is a form of malware that encrypts user data, which stays inaccessible until the correct decryption key has been entered. However, users can only gain access to that key by paying the ransom the attacker has set.


This specific type of malware has been around for a while, although criminals are now using it to scam individuals as well as businesses, who have traditionally been the prime target. In recent weeks a new variant of CryptoLocker (a type of ransomware) has been affecting UK businesses, and it seems the only way to retrieve data, other than restoring from backup, is to pay the ransom.

How does it work?

Ransomware often arrives via an email, a computer programme that’s been infected or a website which has been compromised. However, there have also been examples of more sophisticated infections. A whitepaper from Sophos called ‘Ransomware: Hijacking Your Data’ notes that, in some cases, people have been presented with a message that appears to be from the ‘Federal Bureau of Investigation’. Those victims are then asked to pay a fine because their computer has apparently been used for illegal activities.

Not every type of ransomware will directly ask its victims for money, though; the Sophos whitepaper explains that, in a similar vein to fake malware, the main purpose of ransomware is to scare its victims into making a purchase. Whereas fake malware will try to persuade users to buy a virus removal programme, ransomware sometimes counts on its victims searching for the problem online.

This is reflected by Google Trends statistics which show that ‘ransomware’ is now more commonly searched for than ‘fake malware’. The attackers depend on this searching as it will often lead victims to buy software from a legitimate website - a technique known as blackhat SEO (search engine optimisation).

How can I block it?

Most ransomware and malware is delivered to your desktop as email spam, so the best way to stop it is by using an Anti-Spam program. Having monitored the effect of CryptoLocker over the last two months, Net Technical can say with confidence that those customers using our MessageLabs Anti-Spam service have had a far lower hit-rate than those who don’t. In fact, we can only find a single instance of someone using MessageLabs being hit by CryptoLocker, so it’s not foolproof but it certainly helps. Of course, the second most important thing you can do is DON’T OPEN ANY ATTACHMENTS unless you are 100% confident that the content is safe. Even if it looks like it has come from a colleague, if you are unsure, just send them an email and ask if it is legitimate. Better safe than sorry.

For more info on our Anti-Spam service, please contact your account manager on 01252 235 248.

What are your options if you become infected?

Running a reliable backup is the best way to avoid falling victim to ransomware. After all, not only does it seem wrong giving in to the bad guys but, even if you do decide to pay the ransom, what guarantee is there that your files will be decrypted afterwards? Ideally, you should be running a daily backup to either tapes or our cloud-based solution, Backup2, and in many cases our customers do both for ultimate peace of mind. Most importantly, make sure you phone our support line, as we are now well versed in dealing with this problem and can help to sort things out as quickly as possible.