CryptoPrevent is a utility we are freely giving away that can be used in your office or at your home to lock down the %appdata% and %localAppData% folders in Microsoft Windows. CryptoPrevent is one of the best ways to mitigate risk and exposure to CryptoLocker and its variants. CryptoPrevent also has a self-updater to protect against new variants and any folders they may attack from.
CryptoLocker is a ransomware trojan which targets computers running all versions of Microsoft Windows and first surfaced in September 2013. A CryptoLocker attack may come from various sources; one such is disguised as a legitimate email attachment. When activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware’s control servers. The malware then displays a message which offers to decrypt the data if a payment (through either Bitcoin or a pre-paid voucher) is made by a stated deadline, and threatens to delete the private key if the deadline passes. If the deadline is not met, the malware offers to decrypt data via an online service provided by the malware’s operators, for a significantly higher price in Bitcoin.
Although CryptoLocker itself is readily removed, files remain encrypted in a way which researchers have considered infeasible to break. Many say that the ransom should not be paid, but do not offer any way to recover files; others say that paying the ransom is the only way to recover files that had not been backed up. Payment often, but not always, has been followed by files being decrypted. Restoring from data backups is the best option for data recovery.
When CryptoLocker was first released, it was being distributed by itself. Newer malware attachments appear to be droppers that install other malware as well. The most common malware being distributed with CryptoLocker appears to be Zbot. A dropper is an application that installs its own malware and also adds secondary malware or viruses as part of its attack.
What can you do?
If you do nothing else, please install CryptoPrevent. Here are the BIG 3 things you should also be doing.
Backups – Another recommendation is to have and test backups. A backup protects your data not only from a virus but also from hardware failure or a natural disaster.
AntiVirus – We provide solutions that let our customers use several of the leading brand AntiVirus products. Our AV partners include Symantec, Kaspersky, AVG and Microsoft.
AntiMalware – Our AntiMalware solutions come down to just one company: Malwarebytes. Malwarebytes has been the industry leader and we are proud to partner with them for our solution.
For more information, or to find out how secure you really are, give Southern Solutions a call at 301-632-5555.