Daisie Register, April 8, 2014 (2 min read)

Five Steps to Mitigating CryptoLocker

Cyber crime is becoming more targeted, aiming at specific and often brazen outcomes. Lately, we are seeing more incidents of cyber espionage in which cyber criminals (a.k.a. cyber gangs) launch ransomware Trojan horses that come from various sources but are disguised as legitimate email attachments. When the attachment is opened, it releases malware that seeks out and encrypts certain end-user files. At this point, the end user has lost access to their files. When the end user tries to open these important files, the malware displays a message offering to decrypt them for a price. The best-known example is CryptoLocker, which was discovered in September 2013. It is a new variant of ransomware whose sole purpose is to infect the victim’s computer and hold it for ransom until payment has been made to the attackers through a third-party method (e.g. MoneyPak, Bitcoin) in exchange for decrypting and releasing the victim’s files.

Can we totally eradicate future incidents of similarly sophisticated malware? It is not likely. However, there are some steps we can take to help mitigate CryptoLocker ransomware specifically, or to help avoid becoming a victim of another cyber gang.

  1. Back up your assets: Routine backup is key to recovery, whether you are already infected or become infected later. Because CryptoLocker can crawl through your network, the backups should be stored somewhere isolated or externally offline. This means you should not back up your computer onto your network home drive or a shared folder, since that is an easy target.
  2. Update your endpoints: Endpoint anti-malware software must be kept up to date with the latest signatures, and your computer should be scanned frequently so that you are alerted when new instances or the presence of malware is detected.
  3. Whitelist your applications: Because CryptoLocker will typically install itself in the Windows “Application Data” folder, application whitelisting software can help when it is configured to restrict the creation of new files or folders as unwanted or unauthorized software installations are attempted.
  4. Follow the cyber security lifecycle approach: As Benjamin Franklin said, “An ounce of prevention is worth a pound of cure.” Leveraging the combined security capabilities of both email and web security gateways is the most effective method of protecting end users from targeted spam, spear phishing attacks and compromised sites hosting malware. Purpose-built with robust security features such as IP reputation, URL filtering, anti-malware protection and real-time threat detection, email and web security gateways are among the most effective ways to prevent malicious attacks. However, we still need to be leery of social engineering tactics, especially when opening emails, sharing files and clicking on URL links, as well as links embedded in documents.
  5. Disconnect or disable: Lastly, anyone who suspects a possible CryptoLocker ransomware infection should immediately disconnect their computer from the network (both wired and wireless) or disable it, and contact helpdesk support or a trusted security expert ASAP.
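The path-based restriction described in step 3, sketched as an added example (not code from the original article or from any whitelisting product): it evaluates process image paths against a rule that denies executables under the per-user Application Data folders unless they are explicitly allowlisted. The folder patterns, extension set, allowlist entry and sample paths are constructed assumptions.

```python
import ntpath
import re

# Per-user folders covered by the rule: XP-style "Application Data" and
# Vista+ "AppData". These patterns are assumptions for this example.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\appdata|documents and settings\\[^\\]+\\"
    r"(application data|local settings\\application data))(\\|$)"
)
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

# Hypothetical allowlist of approved per-user software (normalized, lowercase).
ALLOWLIST = {r"c:\users\alice\appdata\local\approvedapp\updater.exe"}

def normalize(path):
    """Strip quotes, unify slashes, collapse '..' and lowercase the path."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def verdict(image_path):
    """Return 'block' or 'allow' for one process image path."""
    p = normalize(image_path)
    if ntpath.splitext(p)[1] not in EXECUTABLE_EXT:
        return "allow"          # rule only concerns executable content
    if p in ALLOWLIST:
        return "allow"          # explicitly approved per-user application
    return "block" if USER_WRITABLE.match(p) else "allow"

def blocked(events):
    """Return the paths from a list of process-start events that are denied."""
    return [e for e in events if verdict(e) == "block"]

# Constructed sample of process image paths, as an endpoint agent might log.
SAMPLE_EVENTS = [
    r"C:\Windows\System32\notepad.exe",
    r"C:\Users\bob\AppData\Roaming\Kqxvbn.exe",
    r"C:\Documents and Settings\carol\Application Data\invoice.scr",
    r"C:/Users/Alice/AppData/Local/ApprovedApp/updater.exe",
    r"C:\Program Files\..\Users\bob\AppData\Local\Temp\a.EXE",
    r"C:\Users\bob\AppData\Roaming\notes.txt",
]

if __name__ == "__main__":
    for path in blocked(SAMPLE_EVENTS):
        print("BLOCK", path)
```

Normalizing before matching matters: mixed case, forward slashes and `..` segments would otherwise slip past a naive string comparison.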

While we can’t stop cyber criminals or cyber gangs from pursuing more ingenious methods of attack, we must be aware of these incidents and implement best practices to protect our assets.
