Cryptolocker first appeared in 2013. It was a new kind of Trojan – an ordinary-looking file that, when opened, releases malware into your computer. Cryptolocker’s twist was that it would encrypt all the files on your machine and demand a ransom to decrypt them. It also displayed a timer, and if you didn’t pay before it ran out, your files would be gone forever.
The good news is that in June 2014, an international team of cybersecurity experts was able to neutralise Cryptolocker and indict the head of the crime syndicate responsible for it. The bad news, however, is that other criminals had already started work on copycat Trojans.
Now ‘CryptoWall’ and ‘TorrentLocker’ are making the rounds, forcing many Australian business owners to choose between financing illegal activity and surrendering valuable data. So what can you do to protect yourself from these programs?
Prevention is better than cure
Unfortunately, there’s no ‘cure’ for CryptoWall and TorrentLocker – if you decide not to pay the ransom, you’re unlikely to ever retrieve your files.
So here’s how you can prevent your computer or network from being attacked. Both CryptoWall and TorrentLocker spread using false attachments that usually arrive with unsolicited emails appearing to come from government departments. For example, the Australian Communications and Media Authority has warned consumers to be on guard against emails that appear to come from Australia Post but contain suspicious attachments. To stay safe, it’s a good idea to introduce rules on how to treat unwanted emails.
You should also take steps to limit damage in case of an infection. For example, Spiceworks has released a Cryptolocker Prevention Kit that also works for the Cryptolocker clones – it isolates infected computers and can prevent the Trojan from spreading through your network. You can apply the same changes automatically to a single computer using the CryptoPrevent tool. And of course you should always use a strong and regularly updated antivirus program with active scanning.
Back up regularly
Backing up your files is the most important step you can take towards protecting yourself from ransomware. With regular backups, you can restore important files even if your network or computer is compromised. However, it is vitally important that you back up your files to an external source. Otherwise, a Trojan like CryptoWall might encrypt your backup files too.
Consider your cloud solution
In July 2015, Heimdal Security reported that CryptoWall 3.0 had begun to spread to files stored in Google Drive, the popular online storage service. At around the same time, CryptoWall was also detected in Dropbox. Many users were shocked to learn that they couldn’t retrieve their files from these sites – and that’s why it’s so important to distinguish between file syncing and file backups.
File syncing services like Google Drive and Dropbox immediately mirror changes to files on your computer or network – even if those files have been corrupted. However, they don’t perform incremental backups, which means that you can’t retrieve an earlier version of a now encrypted file. That’s where cloud backup services come in. Not only do they back up files in real time, they save copies of each file version in a separate location for future retrieval.
So, if you’ve moved to the cloud, ensure you’re using best practice backup procedures. And if you’re committed to Google Drive, consider a service like Backupify which automatically copies your files on Google Drive to a secure location.
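The difference between file syncing and versioned backup described above can be shown in a few lines. This is an added example, not code from the original article or from any of the services it names; the function names, the `index.json` layout and the sample file are assumptions made for illustration.

```python
import hashlib, json, os, shutil, tempfile, time
from pathlib import Path

def sync_mirror(src: Path, mirror: Path) -> None:
    """File syncing: the mirror only ever holds the latest content."""
    for f in src.rglob("*"):
        if f.is_file():
            dest = mirror / f.relative_to(src)
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(f, dest)  # overwrites whatever was there before

def backup_versions(src: Path, store: Path) -> None:
    """Versioned backup: keep every distinct content each file has had."""
    store.mkdir(parents=True, exist_ok=True)
    index_file = store / "index.json"
    index = json.loads(index_file.read_text()) if index_file.exists() else {}
    for f in src.rglob("*"):
        if not f.is_file():
            continue
        data = f.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        history = index.setdefault(f.relative_to(src).as_posix(), [])
        if not history or history[-1]["sha256"] != digest:
            (store / digest).write_bytes(data)  # blob named by its hash
            history.append({"time": time.time(), "sha256": digest})
    index_file.write_text(json.dumps(index, indent=2))

def restore(store: Path, rel_path: str, version: int) -> bytes:
    """Return rel_path's content as recorded at the given version index."""
    index = json.loads((store / "index.json").read_text())
    return (store / index[rel_path][version]["sha256"]).read_bytes()

def demo() -> tuple[bytes, bytes]:
    """Overwrite a file after the first run, then compare mirror and backup."""
    with tempfile.TemporaryDirectory() as tmp:
        work, mirror, store = (Path(tmp) / n for n in ("work", "mirror", "store"))
        work.mkdir()
        doc = work / "invoice.txt"
        doc.write_bytes(b"Q3 invoice: 10 widgets")  # constructed sample file
        sync_mirror(work, mirror); backup_versions(work, store)
        doc.write_bytes(os.urandom(32))  # stands in for an encrypted file
        sync_mirror(work, mirror); backup_versions(work, store)
        return (mirror / "invoice.txt").read_bytes(), restore(store, "invoice.txt", 0)

if __name__ == "__main__":
    mirrored, recovered = demo()
    print("mirror still has original:", mirrored == recovered)
    print("backup version 0:", recovered)
```

After the second run the mirror contains only the overwritten bytes, while version 0 in the store is still the original. In practice the store has to sit somewhere the infected machine cannot write to, which is the reason for the external-backup advice earlier in the article.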
Keeping ahead of the crypto-villains
According to the FBI, CryptoWall infections cost American consumers US$18 million between April 2014 and June 2015. And in Australia, TorrentLocker alone has infected more than 9,000 computers, demanding payments of up to AU$1,500. Make no mistake – they’re dangerous programs and can paralyse your business if you’re unlucky enough to open the wrong attachment. So be proactive, educate your colleagues, and make sure that your files are kept out of harm’s way.