We all know we should be very careful before clicking on links in email or opening mail attachments; but today we found out this advice is more important than ever. There is a particularly nasty piece of malware (malicious software) making the rounds that can render all of your files unreadable through encryption.
The malware (dubbed CryptoLocker, aka “Trojan:Win32/Crilock.A”) is usually delivered as an executable inside a ZIP file attachment, in an email worded to convince the recipient to open the attachment. Once activated, CryptoLocker scans for all document-type files – including those on network drives! – and encrypts them with strong RSA-style encryption; the effects cannot be reversed. Once all files within reach have been encrypted, the software then demands a ransom to allow recovery of the files!
Antivirus programs are only a partial defense since malware such as this mutates rapidly, with each mutation requiring an updated set of virus definitions to prevent the infection. Again, it’s important to realize – once the encryption of the data is complete, decryption is not feasible without paying the ransom demanded by the malware author.
The best defenses against this type of attack are:
- Be very wary of email attachments and links – do not open an attachment you are not expecting and for which the email body does not provide a good description. Likewise, be extremely careful clicking on links in email. Remember, it is easy to make an email look authentic by formatting it to appear to be from a well-known organization; however, the links in the email may take you to a site dispensing malware.
- Keep very good backups with version retention – if your backup only has the most recent copy of a file and that has already been rendered unreadable through encryption then you will be out of luck.
- Ensure that your computer and all applications are kept fully patched and up to date – particularly Oracle Java, Adobe Flash and Adobe Reader. In fact, if you do not need Java then it’s best to uninstall it; there can be serious risks associated with having Java installed on your computer.
- Block EXE attachments at the mail server – with the advent of alternative file sharing platforms (Dropbox, Google Drive, Cubby, etc.), there is no longer any business need to allow for sending of EXE-type files as email attachments.
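
Because the malware described above arrives as an executable inside a ZIP attachment, a mail filter that only checks top-level attachment names will miss it. The following is an added example, not part of the original post: a Python check that also lists the members of ZIP attachments. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for illustration; extend it to match your own mail policy.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".com", ".pif")

def blocked_names(raw_message):
    """Return names of attachments, and of members of ZIP attachments, with a blocked extension."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(BLOCKED_EXTENSIONS):
            hits.append(name)          # executable attached directly
            continue
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                for member in archive.namelist():   # one level deep only
                    if member.lower().endswith(BLOCKED_EXTENSIONS):
                        hits.append(f"{name}!{member}")
        except zipfile.BadZipFile:
            hits.append(f"{name}!<unreadable archive>")  # treat as suspicious
    return hits

def build_sample(member_name="invoice.exe"):
    """Constructed sample: a ZIP attachment holding a harmless file with the given name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"not a real program")
        archive.writestr("readme.txt", b"hello")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    msg.add_attachment("plain text notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_names(build_sample()))
```

Archives nested inside the ZIP are not opened by this check; a production filter would need to recurse or quarantine such attachments.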
Note that Oracle released an update for Java today, and both Microsoft and Adobe released updates yesterday. Please take the time to update these applications today – it can save you hours of lost time and frustration tomorrow!