This week has seen unprecedented global internet security activity as operations by Interpol, the FBI and the UK’s National Crime Agency (NCA) have been made public. The reason for this are the serious problems being caused by two malicious programmes targeting computers running Microsoft Windows:
The method of infection is by email attachment or a hyperlink in an email which downloads the malicious package.
These threats are not new. Since summer 2013 there have been around 50,000 infections of UK computers with the global total believed to be in excess of 230,000. Around $30 million has been extorted with Cryptolocker while GOZ related fraud activity has enabled theft of about $100million.
The cyber-criminals behind the threats have been quick to morph them to get around defensive countermeasures. The threat remains agile and the unprecedented activity this week to shut down this criminal activity by seizing control of the Cryptolocker servers is ongoing. It is believed the current efforts may be effective for up to two weeks, but after that experts predict it will morph yet again.
While both of these pose a risk to commercial operations, for many businesses Cryptolocker is the primary concern. Once encoded, decryption is impossible without the key because files are encrypted with 256 bit technology. The key to unlock these is then encrypted with 2048 bit encryption.
To prevent infection and the problems this is causing there are a number of steps businesses can take. Some are helpful to everyone for minimising the risks, but others are really for Power Users or Admins.
Keep regular updates on drives or remote services that are disconnected other than when backing up.
Enable automatic updates for Windows and other applications or go directly to the application vendor websites to update them.
Don’t open emails from people you don’t know or are not expecting. If curiosity gets the better of you do not under any circumstances open attachments or click links in emails.
Best policy is to block all email activity related to .EXE files; use workarounds such as password protected ZIP file containers if you must use them.
Anti-malware software and software firewalls can help prevent infection, or interrupt the Cryptolocker mechanism if it does manage to get in and run.
Using rules within Windows or Intrusion Prevention Software lets you interfere with the Cryptolocker mechanism by preventing .EXEs running from App Data and Local App Data directories.
This tool enables Group Policy automation preventing .EXEs running from App Data and Local App Data directories.
Disabling Remote Desktop Protocol shuts down another route that is often exploited.
…but have not seen a ‘ransomware’ screen come up, disconnect from the network immediately by shutting down Wi-Fi connections and physically unplugging network cables; disconnect USB drives as well; there is no guarantee this will prevent encryption, but like the man said, it’s better than doing nothing…
If you believe your computer may be infected go to www.getsafeonline.org/nca and download one of the free programs designed to specifically identify Cryptolocker and GOZ.
If you have been a victim or want to prevent your business becoming a victim, then Paralogic security experts have been helping our clients meet the challenges posed by Cryptolocker and other ‘ransomware’ and malicious software threats for many years.
Please contact us and we’ll be glad to see if we can help. Simply fill in the form on the right or call us on 01844 293 330.
For extended information on the preventative measures outlined in this blog please go to welivesecurity.com
For more than 20 years, Paralogic has been on the side of small business, providing IT support and services they can rely on. We’re thrilled, therefore, to be named among the best British MSPs, cementing…Read More
The European Union’s General Data Protection Regulation (GDPR) is the most significant shake up of information security for many years. Despite the toughening of rules and the harsh treatment of companies by regulators and the…Read More