In the last couple of months, ransomware attacks have continued to rise. According to recent statistics gathered by Check Point, for the first time ever ransomware is among the top three of today’s most dangerous malware. Although it’s not a new phenomenon, it has nevertheless grown at an alarming rate in 2016 and become the king of malware threats. In order to better understand ransomware’s popular variant called Cryptolocker and the possible ways to prevent it, we have conducted an exclusive interview with M-Theory Group’s IT Director, Amit Segev.
What is a Cryptolocker virus? Does it only infect computers or can it infect any device connected to the internet?
CryptoLocker is a ransomware program that targets all versions of Windows, including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting the files, it will display a CryptoLocker payment program, which prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or three days, to pay the ransom, otherwise it will delete your encryption key and you will not have any other way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.
How does the user get the Cryptolocker infection?
It spreads in many ways, including through phishing emails that contain malicious attachments or links, or via drive-by download sites. Often, Cryptolocker arrives as a file with a double extension, such as *.pdf.exe. Since Windows doesn’t display file extensions by default, this file may look like a PDF file, rather than an executable.
What happens if the user gets infected by the Cryptolocker virus?
Unfortunately, security companies and Anti-Virus providers are always one step behind hackers. If the user/company gets infected by a fairly new version of the Cryptolocker virus, then they are left with two options for recovering the files:
1st option: Recover from last backup or disk snapshot. If the files were saved on a cloud-based storage, there might be a way to restore the files and folders to an earlier time within the same day.
2nd option: Pay the ransom.
What should a user do when hit by the Cryptolocker virus?
The minute the user suspects that his or her computer got hit with a Cryptolocker virus, he or she should follow the steps below as soon as possible:
1- Disconnect the workstation from the network
2- Power off the computer.
3- Alert their team members and report to the network administrator.
What can a user do to prevent these threats from affecting their computers?
Here are a few tips that will help you keep ransomware from wrecking your day:
1- Make sure your data is backed up outside your computer and network.
2- Makes sure your computer and applications are up to date with all security patches.
3- Keep a healthy Anti-Virus software.
4- Do not open any attachment or files that look suspicious.
Last but not least, the best method to prevent these threats is user education by making sure that all the company employees are aware and keep their eyes open for any suspicious emails or attachments.
Did any of M-Theory Group’s customers get hit with this virus recently? If yes, how?
Yes, because the user has received a phishing email which looked legitimate and accidentally opened it.
How did M-Theory Group help its customers to overcome it?
We helped our customer to recover his files and folders from his latest backup.
What are the features that differentiate M-Theory Group from its competitors?
These are our top three support features:
1- Trust– As your trusted advisor, we ensure that you get the service and support necessary to keep your business running smoothly;
2- Availability– Regardless of the time, if you have an emergency we will always be there for you;
3- Professional– Our trained staff is ready to handle your IT needs, from basic help-desk support to virtualization projects and all the way to our private cloud solutions.
What’s the biggest challenge that you face in your role as IT Director?
I wish there were only one 🙂