The CryptoLocker virus began infecting computers and shared networks nearly two years ago and, unfortunately, continues to cause problems for some environments. Businesses need to take proper precautions to keep this virus off their networks and have a plan in place in the event that it does show up.

What is CryptoLocker?  It is a ransomware virus that targets computers running Microsoft Windows.  It finds its way onto computers through infected email attachments and websites.  This malware encrypts files on the user’s local drives, as well as mapped network drives, locking them from further use.  As the name implies, the ransomware will typically give the option of paying money to get the keys required to unlock the infected files.  Paying the ransom is something very few companies choose to do, as there is no guarantee of getting all of their files restored.

Security software can detect and remove CryptoLocker, but it is often not identified until after it has encrypted files on the user’s computer and network. 

How can you protect yourself?  Here are a few ideas:

  • Update your operating system and security software on a regular basis.
  • Train end users on sound computer practices and on how to identify threats, such as the strict practice of not opening email attachments from unknown or suspicious sources. Many times the source of the email looks legitimate (a UPS tracking number, for example), but upon closer examination it is not.
  • Back up your data frequently and consider an image-based solution that replicates to the cloud.
  • Utilize anti-spam software to block all email containing .exe files.
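
The attachment-blocking rule from the last item, sketched as an added example (not code from the original page or from any particular anti-spam product). It goes beyond a plain filename match by also checking for the "MZ" header of Windows executables and looking one level into ZIP attachments; all function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = (".exe",)  # the page names .exe; extending the list is a local policy choice

def check_file(name, head, findings):
    """Flag a file by extension or by the 'MZ' magic that starts Windows executables."""
    if name.lower().rstrip(". ").endswith(BLOCKED_EXT):
        findings.append((name, "blocked extension"))
    elif head[:2] == b"MZ":
        findings.append((name, "executable content under another name"))

def scan_message(raw):
    """Return (attachment name, reason) pairs that should cause the mail to be blocked."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or name is None:
            continue
        data = part.get_payload(decode=True) or b""
        check_file(name, data, findings)
        if zipfile.is_zipfile(io.BytesIO(data)):  # look one level into ZIP archives
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    inner = f"{name}/{info.filename}"
                    if info.flag_bits & 0x1:  # password-protected member: cannot inspect
                        findings.append((inner, "encrypted archive member"))
                        continue
                    with zf.open(info) as fh:  # read 2 bytes only, never the whole member
                        check_file(inner, fh.read(2), findings)
    return findings

def build_sample():
    """Constructed message: a PDF, a double-extension .exe, and a ZIP hiding a PE stub."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Tracking"
    msg.set_content("See attached.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("label.scr", b"MZ\x90\x00 constructed stub, not a real program")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application", subtype="pdf", filename="notes.pdf")
    msg.add_attachment(b"MZ constructed stub", maintype="application", subtype="octet-stream", filename="Invoice.PDF.exe")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="tracking.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in scan_message(build_sample()):
        print(f"BLOCK {name}: {reason}")
```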

If you detect CryptoLocker on your system, you need to take the following steps to rectify the situation and recover as many of your files as possible (assuming you choose not to pay the ransom):

  • Immediately disconnect the infected computer from the network.
  • Complete a security scan of all workstations on the network to make sure the virus is removed.
  • Remove the encrypted files from the server.
  • Conduct a file restore from your backup system to recover the infected files.
  • Have users test the restored files.

CryptoLocker and other ransomware can create significant downtime in your organization. Critical data files are inaccessible once locked, resulting in immediate loss of productivity. Even if you regularly back up your computer and network files, work that was completed since the previous backup was performed will be lost. An image-based backup solution is an option that can shrink this window of lost production. Businesses need to educate end users about the potential sources of this virus and the problems associated with it. Diligence in avoiding suspicious email attachments and websites is critical in minimizing your exposure to this threat.
