Below is our blog posting on the Cryptolocker Virus. Unfortunately, since our post last Fall, the virus has not gone away and its continued growth warrants another look at our article. This week, MSPmentor, a resource for Managed Services providers, published an article on recent outbreaks of the virus. As the article states, the virus is still infecting computers and demanding payment before decrypting and recovering files. The best advice to protect your business is to make sure you have sufficient data backup and disaster recovery, along with business continuity, which a Managed Services provider can assess and deliver. With the proper security in place, a Managed Services provider can restore files and have customers up and running quickly, even if there is an infected computer. Read more on the virus:
A very dangerous computer virus, known as the Cryptolocker Virus, is currently causing massive damage to businesses. We usually do not write about viruses as part of our tech tips blog, but this one warrants a close look and caution.
We saw the virus surface in September of this year, when it started appearing in email inboxes. It was originally spread by emails that pretend to be about customer-support issues from companies such as FedEx, UPS, etc. An attachment is included that infects the computer when opened. The virus also came from exploit kits that were located on hacked web sites and that exploit vulnerabilities on computers. Other reports indicated that the virus was also spread by trojans that pretended to be programs required to view online videos, thus infecting the computer.
When a computer is infected with this virus, the virus scans your drives and encrypts files. Eventually, the virus shows a screen, titled Cryptolocker, that demands a monetary ransom within 72 hours or your computer will lose all files.
Sound scary? It is, and unfortunately, it is not a scary movie. It’s real. A couple of our own customers experienced the trauma of this virus, which we will detail below, but first we wanted to give you advice, should you come across the virus on your own computer. Remember, this advice should be repeated to all of your employees, since everyone should take precautionary measures.
ADVICE FOR PREVENTION:
- Do NOT open attachments, unless they are from a known, reputable source and the email refers you to a link with the actual domain name in it. Also, NEVER click on an email that is vague or delivered via an outside third party.
- Keep your IOS up to date.
- Use a trusted Antivirus with an email scanning option.
- Make sure you have a firewall in place.
- Have a Backup (BDR) that automatically backs up all of your files (preferably one that has fast restoration).
- It is recommended to have an IT professional ensure that all of the above is complete. A Managed Services Provider will do this on a regular basis for you and monitor any hacking.
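The attachment advice above can be partly automated at the mail gateway or help desk. The following is an added example, not code from this post: it flags a message whose display name or subject claims FedEx or UPS while the sender's domain is not one of that company's, and flags risky attachment types. The brand-to-domain map, the extension list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand keyword -> domains that brand really sends from.
BRAND_DOMAINS = {"fedex": {"fedex.com"}, "ups": {"ups.com"}}
# Assumption: attachment types treated as risky in unsolicited mail.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".js", ".zip")

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def triage(raw):
    """Return reasons a message looks like a courier-themed lure."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    words = set(re.findall(r"[a-z0-9]+", (display + " " + msg.get("Subject", "")).lower()))
    reasons = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in words and not domain_matches(domain, allowed):
            reasons.append(f"claims {brand} but sent from {domain or 'unknown'}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            reasons.append(f"risky attachment: {name}")
    return reasons

# Constructed sample: not a real message, the attachment body is a placeholder.
SAMPLE_LURE = """\
From: "FedEx Customer Support" <support@fedex-delivery.example>
Subject: Your package could not be delivered
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached label.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Label_8827.zip"

placeholder
--b1--
"""

if __name__ == "__main__":
    for reason in triage(SAMPLE_LURE):
        print("FLAG:", reason)
```

The From header can be forged, so a check like this complements SPF, DKIM and DMARC enforcement at the mail gateway and does not replace it.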
IF YOU GET THE VIRUS:
- Unplug the internet IMMEDIATELY.
- Do NOT pay the ransom key, because an uninstall and decryption of files is possible.
- Assuming you had a good image backup, still contact your IT professional to ensure that the virus has not caused damage.
One of our customers, a law firm, encountered the virus recently. One of the employees opened an email attachment that looked like it was from FedEx, although, upon further inspection, it was not really from a FedEx domain. Because the employee did not realize that this was a virus, the internet was not unplugged and the virus infected the server, corrupting the files. Luckily, we had previously installed a full BDR Backup for this customer and we were able to restore the files. Since the attachment was opened, the virus had been invited in, even though a good Antivirus was on the computer. Additional spam filtering was added for this customer. The good news is that we were able to have the server and all computers for this customer up and running within an hour.
Another customer, a collection agency that contacted us this week, was not as fortunate. This company has occasionally called us for IT guidance, but chose not to use our Managed Services, indicating that it had someone on staff who was technical enough to handle the support. It also encountered the virus when an employee opened an infected email. Because this company took care of its own backup, it thought it had a full backup in place. In reality, it had just a file backup that hadn't been verified or monitored. In addition, it did not have a full image backup, so when all of its files were deleted by the virus, it found that the last good backup was in August, and it will take weeks to restore its data.
We urge you to think about the security and IT support you have in place for your business and to remember that the damage from these viruses can be very real.
Please contact us with any questions you have about the Cryptolocker virus or your IT support.