Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


By Terry Doherty CEO of IT Service and Support Group: Doherty Associates.

Terry Doherty
Terry Doherty

Amongst the many current threats to business security is a new and pernicious type of Malware. Having attacked a system, this particular type of threat locks files up and demands a ransom to return access to its user. It is apparently affecting all sizes of organisations from the biggest, most IT aware companies through to SMBs and SMEs. As the CEO of a leading supplier of IT services and support covering London, the South East and beyond, I feel compelled to warn as many people as possible about this threat. I also wanted to provide some helpful advice for protecting your systems.

One of the most recent incarnations of this form of Malware is Cryptolocker. It’s generally been spreading through phishing attempts via email. Specifically, this Malware encrypts users’ files using asymmetric encryption, which requires both a public and a private key. The public key is used to encrypt and verify data, whilst the private key is used for decryption; each is the inverse of the other.

The bad news, from a user’s point of view, is that decryption is impossible unless a user has the private key stored on the cyber criminals’ server. Currently, infected users are instructed to pay $300 USD or more to receive this private key. To make matters worse, infected users also have a time limit to send the payment. If this time elapses, the private key is destroyed, and your files may be lost forever.

Files targeted are those commonly found on most PCs today; a list of file extensions for targeted files include: 3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xls

If anyone does have this piece of malware on their machine demanding a ransom, and if the files haven’t been backed up previously, the user has no choice allegedly but to pay the ransom. Supposedly, once paid the files will be decrypted. Of course the major problem is, that even if the people doing this to you do unlock your system (and there is no guarantee that they will) you will have handed over your credit card details to someone you wouldn’t want to give them to. Typically, they will use these for a wide range of fraudulent transactions, causing the user another major and urgent headache to deal with. If indeed you do have to do this then I would strongly advise that cancel that credit card immediately after using it.

However, the good news is that if you do have working backups, then you may want to use the ‘system restore’ function to go back. This is to where your system was free from infection.

As back-up is central to Doherty Associate’s business, we know that good security can only be achieved if it is taken seriously all of the time and across all vectors. As we all know it can never be completely 100%.  However, one must take every step possible to head off problems as a breach always has wide reaching implications.  This can include the loss of confidential information from not just you and or your company but also your clients, suppliers and partners. If nothing else this could destroy, for example, the relationship you have with your clients et al. All of us have the potential to become victims as a result of such a breach that erodes trust and costs money and time. Indeed, the list of negative impacts goes on and on and on.

So it is very worthwhile educating the people within your organisation and around you to remain ever vigilant and use the following simple steps to combat the risks of malware :

Users should:

  1. Make sure that you are always running up to date Antivirus and Anti-malware software.
  2. NEVER open email attachments unless you know who sent them and what they contain.
  3. Make sure that you are taking regular backups (ideally online) of important data both on your organisations network and critically, of the information you are saving on your desktop and mobile computers (laptops, tablets, phones etc.).

Organisations should:

  1. Ensure that they are using email hygiene services that protect against viruses, malware and spam. These services are extremely valuable both in the protection they provide from malicious infections that are spread by email and from the increased user productivity that comes from reducing the amount of spam emails users need to deal with every day.
  2. Ensure that all programs and data are fully backed up very regularly, at least once a day, and that these backups are kept off site in-case of a building disaster.
  3. Ensuring that the network is protected by a modern firewall. Even firewalls that are only be a couple of years old may not be providing adequate protection against the plethora threats that exist today. Modern firewalls do so very much more than just trying to keep the bad guys from hacking into your network. They scan all incoming and outgoing traffic for viruses and malware, they keep a list of bad websites and bot networks ensuring that users on the network don’t inadvertently visit them and they monitor all traffic checking for suspect activity to name just three. In simple terms, without a correctly configured modern firewall in place your organisation is at an unduly high risk of attack.

These days there are many security and back-up solutions and services available to provide your business with the best defence and recently many of these have been Cloud based. This means they are always up to date, cost effective and very secure. And, if moving to the Cloud is not an area you feel at all confident about, then take a decision to enlist the support of an IT specialist who can manage all aspects of this for you. You will find this delivers a great deal of peace of mind. Don’t wait for an attack and the subsequent ransom demand. The time to act is right now……