CryptoLocker Virus Tips – Take Action Now!

December 17, 2013   //   Managed Services, , , , , ,

It has been three months since the Trojan horse malware CryptoLocker first appeared. The timing was no accident – you get an e-mail that appears to come from shipping carriers like FedEx and UPS just as holidays shopping season begins to ramp up, but once you click on the link to track the package – you’re infected. But is it still dangerous? The answer is: Absolutely!

The CryptoLocker virus relies on an advanced network of command-and-control servers and continues to be developed by the malware’s creators. If you have not heard about CryptoLocker, it is a very nasty virus which encrypts your computer files and holds them for ransom. The virus demands that users pay anywhere from $300 to thousands of dollars to get their files back. Unfortunately, this virus has been very successful in extorting money from its victims which has motivated hackers to keep on developing more viruses.

Each new iteration of CryptoLocker becomes harder and harder to detect and antivirus vendors are struggling to keep up. But – if your organization cannot rely on your antivirus software, what else can you do? Here’s a list of four things SWC recommends:

  • Educate users – Do not open unsolicited attachments, no matter how legitimate they may appear. If you were not expecting it don’t open it! If a user does get a suspicious looking attachment they should contact IT or Help Desk immediately.
  • Regular backups – Use a combination of volume shadow copy (previous versions) and offline backups. If users are still storing files on their local computers, you should look into folder redirection using domain-based group policy.
  • Keep your operating system and software up-to-date – If your organization is still running Windows XP and migration has not already begun, it’s time to get serious about making the move. With less than five months remaining before Microsoft will stop supporting Windows XP, there is very little time left to develop a plan and begin testing applications; however upgrading should be any IT department’s number one priority going into 2014. Once XP is out of the way, your IT team can focus on keeping common applications and runtimes like Acrobat, Flash and Java up-to-date and deploying monthly security patches from Microsoft to workstations using Windows Server Update Services.
  • Revise IT policies to protect users from themselves – Users should not be logging into computers as local administrators. Use software restriction policies to protect against unauthorized software, especially in temporary folders and removable drives. Block executable files at your spam filter before the user ever receives it.

If you have questions about Cryptolocker, Ransomware or other threats to your security, please contact SWC. If you would like to learn more about Managed IT Services, please join us for our next informative Managed Services event.

If you enjoyed this post, please take a moment to read some of our other posts about Security and Managed IT Services:

Security Awareness: Tips for Protecting Your Online Identity from Hackers
SWC Managed Services – A More Strategic Approach to IT
The Fundamentals of Cyber Security
The Top Five Signs You Need A Managed Services Partner Or Are Ready To Outsource
2013 IT New Year’s Resolutions
BYOD Policies And Mobile Device Management