By Terry Doherty, CEO of IT service and support group Doherty Associates.
Amongst the many current threats to business security is a new and pernicious type of Malware. Having attacked a system, this particular type of threat locks files up and demands a ransom to return access to its user. It is apparently affecting all sizes of organisations from the biggest, most IT aware companies through to SMBs and SMEs. As the CEO of a leading supplier of IT services and support covering London, the South East and beyond, I feel compelled to warn as many people as possible about this threat. I also wanted to provide some helpful advice for protecting your systems.
One of the most recent incarnations of this form of Malware is Cryptolocker. It has generally been spreading through phishing attempts via email. Specifically, this Malware encrypts users’ files using asymmetric encryption, which requires a pair of keys: a public key and a private key. The public key is used to encrypt data (and to verify signatures), whilst the private key is used for decryption (and for signing); each undoes the work of the other.
The bad news, from a user’s point of view, is that decryption is impossible unless a user has the private key stored on the cyber criminals’ server. Currently, infected users are instructed to pay $300 USD or more to receive this private key. To make matters worse, infected users also have a time limit to send the payment. If this time elapses, the private key is destroyed, and your files may be lost forever.
Files targeted are those commonly found on most PCs today; the file extensions targeted include: 3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xls
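As an added illustration (not from the original post), the check below shows how a defender can use the extension list above: it reads constructed file-write events and flags any user who rewrites a large number of files with those extensions within a short window, which is the footprint a bulk encryptor leaves on a file server. The log line format, the hostnames and the threshold are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Extensions named in the post as Cryptolocker targets.
TARGET_EXTENSIONS = {
    "3fr", "accdb", "ai", "arw", "bay", "cdr", "cer", "cr2", "crt", "crw", "dbf", "dcr", "der",
    "dng", "doc", "docm", "docx", "dwg", "dxf", "dxg", "eps", "erf", "indd", "jpe", "jpg", "kdc",
    "mdb", "mdf", "mef", "mrw", "nef", "nrw", "odb", "odm", "odp", "ods", "odt", "orf", "p12",
    "p7b", "p7c", "pdd", "pef", "pem", "pfx", "ppt", "pptm", "pptx", "psd", "pst", "ptx", "r3d",
    "raf", "raw", "rtf", "rw2", "rwl", "srf", "srw", "wb2", "wpd", "wps", "xlk", "xls", "xlsb", "xlsm",
}

# Assumed (constructed) audit format: "<ISO timestamp> <host> <user> WRITE <path>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) WRITE (.+)$")

def parse_line(line):
    """Return (timestamp, host, user, extension) or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, host, user, path = m.groups()
    ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
    return datetime.fromisoformat(ts), host, user, ext

def find_mass_encryption(lines, window=timedelta(seconds=60), threshold=20):
    """Map (host, user) -> peak number of target-extension files rewritten inside one window,
    for sessions that reach the threshold. Normal editing never touches that many files at once."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[3] in TARGET_EXTENSIONS:
            ts, host, user, _ = parsed
            events[(host, user)].append(ts)
    alerts = {}
    for key, stamps in events.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):          # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[key] = max(alerts.get(key, 0), end - start + 1)
    return alerts

# Constructed sample: alice's session rewrites 25 documents in 25 seconds; bob edits two files normally.
SAMPLE_LOG = [f"2013-10-15T09:00:{i:02d} PC01 alice WRITE C:\\Users\\alice\\Documents\\file{i}.docx"
              for i in range(25)] + [
    "2013-10-15T09:05:00 PC02 bob WRITE C:\\Users\\bob\\budget.xls",
    "2013-10-15T09:07:30 PC02 bob WRITE C:\\Users\\bob\\notes.txt",
]

if __name__ == "__main__":
    print(find_mass_encryption(SAMPLE_LOG))  # {('PC01', 'alice'): 25}
```

The same sliding-window logic applies to any file-audit source (Windows object-access events, a file server's change journal) once its lines are mapped into the parse_line tuple.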
If anyone does have this piece of malware on their machine demanding a ransom, and the files have not been backed up previously, the user allegedly has no choice but to pay the ransom. Supposedly, once paid, the files will be decrypted. Of course the major problem is that, even if the people doing this to you do unlock your system (and there is no guarantee that they will), you will have handed over your credit card details to someone you would not want to give them to. Typically, they will use these for a wide range of fraudulent transactions, causing the user another major and urgent headache to deal with. If indeed you do have to do this, then I would strongly advise that you cancel that credit card immediately after using it.
However, the good news is that if you do have working backups, then you may want to use the ‘system restore’ function to roll back to a point where your system was free from infection.
As back-up is central to Doherty Associates’ business, we know that good security can only be achieved if it is taken seriously all of the time and across all vectors. As we all know, it can never be completely 100%. However, one must take every step possible to head off problems, as a breach always has wide-reaching implications. This can include the loss of confidential information from not just you and/or your company but also your clients, suppliers and partners. If nothing else, this could destroy, for example, the relationships you have with your clients and others. All of us have the potential to become victims of such a breach, which erodes trust and costs money and time. Indeed, the list of negative impacts goes on and on.
So it is very worthwhile educating the people within your organisation and around you to remain ever vigilant and use the following simple steps to combat the risks of malware:
- Make sure that you are always running up to date Antivirus and Anti-malware software.
- NEVER open email attachments unless you know who sent them and what they contain.
- Make sure that you are taking regular backups (ideally online) of important data, both on your organisation’s network and, critically, of the information you are saving on your desktop and mobile computers (laptops, tablets, phones etc.).
- Ensure that you are using email hygiene services that protect against viruses, malware and spam. These services are extremely valuable, both for the protection they provide from malicious infections that are spread by email and for the increased user productivity that comes from reducing the amount of spam users need to deal with every day.
- Ensure that all programs and data are fully backed up very regularly, at least once a day, and that these backups are kept off site in case of a building disaster.
- Ensure that the network is protected by a modern firewall. Even firewalls that are only a couple of years old may not be providing adequate protection against the plethora of threats that exist today. Modern firewalls do very much more than just try to keep the bad guys from hacking into your network: they scan all incoming and outgoing traffic for viruses and malware, they keep a list of bad websites and bot networks to ensure that users on the network don’t inadvertently visit them, and they monitor all traffic for suspect activity, to name just three. In simple terms, without a correctly configured modern firewall in place, your organisation is at an unduly high risk of attack.
These days there are many security and back-up solutions and services available to provide your business with the best defence, and recently many of these have been Cloud based. This means they are always up to date, cost effective and very secure. And, if moving to the Cloud is not an area you feel at all confident about, then take the decision to enlist the support of an IT specialist who can manage all aspects of this for you. You will find this delivers a great deal of peace of mind. Don’t wait for an attack and the subsequent ransom demand. The time to act is right now.