New Virus Threats: “CryptoLocker”, Ransom-Ware and Survival Tips
How would your organization handle a “Data-for-Ransom”, or other serious IT Security breach?
2013 has certainly seen a significant rise in the number of Internet and network security threats, and has included the unwelcome introduction of a particularly fearful type of hacker attack – that’s the one now known as “Ransom-ware”, and more specifically, “CryptoLocker”.
Simply stated, “CryptoLocker” is essentially the IT equivalent of a hostile, external force taking over your computer (or server), and holding its most critical data “hostage for ransom”. Whereas other types of viruses and other “malware” tends to steal passwords, invade privacy, damage, degrade, or otherwise compromise systems, etc. – as if all of those perils weren’t disruptive enough – this particular form of “malware” goes the additional mile, and actually forcefully “locks up” the computer’s various data files, and holds them “for ransom”, unless the attacker is paid off. This type of attack probably ranks up near the top of some of the most disruptive and malicious perils that a computer user could potentially encounter, simply by performing as innocent a mistake as opening (or running) an infected or malicious attachment.
Although none of RiteTech’s clients has been infected by CryptoLocker to date, we have heard of a greatly increased incidence rate of its infections encountered being reported by other IT providers, which suggests that the overall level of infection is increasing, and accelerating. While there is never a 100% guarantee or prevention from IT security breaches (just as there is never a 100% guarantee from physical security breaches, or other perils – like fire, floods, etc.) – there are several “best practices” that can help organizations maintain a reasonable level of security and data protection.
RiteTech can help provide guidance to ensure that your organization’s IT infrastructure and policies are “all that they could be”. We provide “lunch n’ learns” about IT Security, Cloud Computing, and other informative seminars to qualifying organizations. Contact us for further details.
1. Having an appropriate and adequate data protection strategy is essential. This includes ensuring that all critical data is properly backed up (ideally, off-site for the most critical data), and that restoring from backups are regularly tested. Incidentally, when the restoration is tested, part of what also needs to be tested is the length of time for a restoration to occur. Many firms, including IT firms, vastly underestimate the amount of time, or level of effort, to recover data from a catastrophic loss.
2. Ensure that staff is storing critical data in the appropriate locations (which are in turn, backed up) is also essential. This is largely a policy and a training issue, rather than a technical one.
3. Ensuring that staff has basic awareness of IT security policies – as well as their own employer’s policies – is also extremely important. For instance, does staff know how to handle (or report) a suspicious incoming e-mail or phone call? A malfunctioning computer? A telephone, LAN room, or other sensitive “IT closet” that is discovered with its door opened and no explanation, etc.? All of these are examples of scenarios that staff should have some basic awareness on what to look out for, and how to handle.
4. What is the organization’s “Bring Your Own Device” [B.Y.O.D.] policy? (e.g. for syncing personal devices with e-mail, etc.?). How will the organization handle scenarios if an employee’s personal device is lost, stolen, or hacked – and the company’s data on the device is somehow compromised or placed at risk? (Hint: Mobile Device Management [MDM] software and related policies can help reduce and control these risks).
5. Does the organization’s network have an appropriate, and properly managed and monitored firewall(s), that can adequately protect against all modern threats, while also not drastically slowing down the organization’s Internet speeds? Hint: If the firewall(s) cost the organization less than $1000 and/or if the firewall was purchased from a Best Buy or other retail source, then the answer is almost assuredly NO. (Contact us for explanations about why that is). An unmonitored firewall – especially one without someone who regularly views or analyzes its activities or reports – is about as helpful as having a security camera system where nobody ever watches the monitors, or ever plays back its security recordings.
6. And of course, it goes without saying – however, having effective, well-updated, and centrally managed/monitored antivirus or appropriate security software on ALL connected devices – as well as some sort of uniform method of ensuring that various critical software patches or updates are consistently deployed on all of these devices – is essential.
Want More Info?
The following articles provide more information about the threats: