Cryptolocker and other Variants: a glimmer of light?
By: Keith A. Becker
Since 2013 these types of ransomware (1) have been the bane of everyone in the IT security community, and so far there is no light at the end of the tunnel. If you google how to remove the virus or how to recover your files, there isn't much hope for restoring those files: the data is lost. Well, almost. If you run daily backups that are stored offsite, away from your devices, you're in a better spot than most. You may ask why they need to be offsite. The reason is that in some cases the virus will also encrypt the backup files as part of the attack, making them useless.
What makes this type of attack even harder for the security community to get under control is the official position a senior government agent gave at the Cyber Security Summit in 2015, and I quote:
“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people just to pay the ransom.” (2)
After that recommendation to "pay the ransom," it was no surprise that the volume of attacks skyrocketed.
So the light, or glimmer of light, at the end of this very dark tunnel is that Tech II has offerings for data backups and for restoring those backups. The technicians at Tech II have experience not only in correcting the situation and recovering the systems and data, but also take the time to educate those infected so they better understand the situation, keeping them informed along the way. As part of our backup recommendations and practices, we perform extraction testing, which tests the backups to ensure that they can actually be restored.
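The extraction testing described above, as an added illustration that is not Tech II's own tooling: a Python script that records a SHA-256 manifest of the files at backup time and checks a restored copy against it, so a backup that was itself encrypted in place (the risk noted earlier for backups left attached to the device) shows up as modified, missing and unexpected files before you need it. The directory layout and file contents are constructed for the demo.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def build_manifest(root):
    """Record the SHA-256 of every file under root, keyed by relative POSIX path."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest

def verify_restore(restored_root, manifest):
    """Compare a restored tree with the manifest taken at backup time.
    Returns lists of missing, modified and unexpected paths; a clean restore
    has all three empty. Encrypted files show up as 'modified', deleted ones
    as 'missing', and dropped ransom notes as 'unexpected'."""
    restored = build_manifest(restored_root)
    missing = sorted(p for p in manifest if p not in restored)
    modified = sorted(p for p in manifest if p in restored and restored[p] != manifest[p])
    unexpected = sorted(p for p in restored if p not in manifest)
    return {"missing": missing, "modified": modified, "unexpected": unexpected}

def demo():
    """Constructed scenario: a clean restore passes, a tampered one is flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp) / "source"
        (source / "docs").mkdir(parents=True)
        (source / "docs" / "report.docx").write_bytes(b"quarterly report")
        (source / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 sample image bytes")
        manifest = build_manifest(source)  # taken when the backup is made

        # Good restore: an identical copy of the backed-up tree.
        good = Path(tmp) / "restore_good"
        shutil.copytree(source, good)
        clean = verify_restore(good, manifest)

        # Bad restore: the backup was encrypted in place, one file removed,
        # and a note added (all simulated here with plain byte strings).
        bad = Path(tmp) / "restore_bad"
        shutil.copytree(source, bad)
        (bad / "docs" / "report.docx").write_bytes(b"ciphertext placeholder")
        (bad / "photo.jpg").unlink()
        (bad / "RECOVER.txt").write_bytes(b"simulated note")
        tampered = verify_restore(bad, manifest)
    return clean, tampered
```

Run the manifest step when the backup is written and the verify step on a scheduled test restore; any non-empty list means that backup cannot be relied on.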
For more information on what Tech II can do to help, visit the Threat Mitigation or Backup section of our website or give us a call today. We'll help you stay one step ahead of these threats to your data!
1. CryptoLocker is a ransomware trojan which targeted computers running Microsoft Windows, believed to have first been posted to the Internet on 5 September 2013. CryptoLocker propagated via infected email attachments, and via an existing botnet; when activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers. The malware then displays a message which offers to decrypt the data if a payment (through either bitcoin or a pre-paid cash voucher) is made by a stated deadline, and threatened to delete the private key if the deadline passes. If the deadline is not met, the malware offered to decrypt data via an online service provided by the malware's operators, for a significantly higher price in bitcoin. (https://en.wikipedia.org/wiki/CryptoLocker)
2. "FBI's Advice on Ransomware? Just Pay The Ransom." The Security Ledger, 22 Oct. 2015. Web. Accessed 5 Jan. 2016. https://securityledger.com/2015/10/fbis-advice-on-cryptolocker-just-pay-the-ransom/