The CryptoLocker, CryptoWall, and CryptoLocker 3.0 viruses are a class of malicious tools known as ransomware, which encrypt files using RSA-2048 or AES-256, standard encryption algorithms that are normally used to protect the confidentiality and integrity of files. To decrypt the affected files, you either need to brute-force the encryption key (which would require computing power far beyond anything that currently exists) or be given the key value.
The key value is held by the virus’s creators, who demand payment in Bitcoin to the tune of roughly $500, so the encrypted files are effectively held for ransom. The virus scans every folder and file the user has access to and targets files with common extensions such as .doc, .pdf, .zip, and over 180 other file types. This means your USB thumb drive, your mapped network drives, and anything else you have permission to access from your computer are all at risk.
How You Get the Virus
The virus is usually installed on the victim’s machine through visiting malicious websites, drive-by installation, or infected attachments in spam email. Some users think they are downloading legitimate software updates such as Java or Adobe PDF Reader, when in fact they are downloading the virus through a fake installer. Spam emails are crafted to seem urgent or to require immediate attention, using subject lines like “Attention: Invoice Overdue” or “IRS Refund Available.” Unsuspecting users can then forward these emails throughout a company, spreading the damage.
Most business systems have (or should have) spam filtering services that block these types of emails 90+% of the time. Many business infections come from users accessing personal email hosts (Gmail, Yahoo, etc.) from work, which effectively bypasses all business email security.
How Not to Get the Virus
What makes the virus so unique and damaging is that once the files are encrypted it is nearly impossible to decrypt them without paying the ransom. However, there are methods that can help prevent the virus from getting a foothold and, if the damage is done, restore lost data.
- Run up-to-date anti-virus and anti-malware software with active browser protection. An active firewall is also recommended so that no unauthorized traffic gets through.
- Setting up a backup schedule that runs daily allows files to be rolled back to the versions from before the virus affected the machine. Using Volume Shadow Copy on Windows or an online cloud backup like Carbonite is recommended for personal use, and a business-class backup platform for businesses large and small. This method is not perfect: any information altered between the last backup and the time of infection is lost.
- Spam filtering for email helps reduce the chance of receiving infected attachments. It is also important to follow the least-privilege model, giving users only the permissions they need to fulfil their duties; since the virus only reaches files the user has access to, this directly limits how far it can spread. Practicing sound security measures helps ensure higher availability and productivity.
- No personal email access from work computers, with few exceptions. Most people have smartphones for casual personal email, so there is no need to log in to Yahoo or similar free hosts from your business computer. If that is not workable, segment one computer from the network and make it the “break time” computer for personal use.
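Because the virus silently rewrites every document the user can reach, including mapped drives, one cheap way to notice it early is a canary file: a known document planted in each folder and re-hashed on a schedule. The script below is an added example, not code from the original post; the canary name, content and folder layout are constructed for the demonstration.

```python
"""Canary-file check: plant known files where an encryptor would look, alert on change."""
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed name/content: sorts first in a directory listing so it is hit early.
CANARY_NAME = "00_donotdelete_invoice.docx"
CANARY_TEXT = b"Canary document - do not edit.\n" * 64

def plant_canaries(roots):
    """Write one canary into each directory; return {path: expected sha256}."""
    manifest = {}
    for root in roots:
        path = Path(root) / CANARY_NAME
        path.write_bytes(CANARY_TEXT)
        manifest[str(path)] = hashlib.sha256(CANARY_TEXT).hexdigest()
    return manifest

def check_canaries(manifest):
    """Return (path, reason) for every canary that no longer matches its hash."""
    alerts = []
    for path, expected in manifest.items():
        if not os.path.exists(path):
            # Deleted or renamed (e.g. given a new extension by the encryptor)
            alerts.append((path, "missing"))
            continue
        actual = hashlib.sha256(Path(path).read_bytes()).hexdigest()
        if actual != expected:
            alerts.append((path, "modified"))
    return alerts

def demo():
    """Self-contained run on constructed folders; returns the sorted alert reasons."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp) / "Documents"
        share = Path(tmp) / "mapped_share"
        docs.mkdir()
        share.mkdir()
        manifest = plant_canaries([docs, share])
        assert check_canaries(manifest) == []  # clean state: no alerts
        # Simulate tampering: one canary overwritten with opaque bytes, one renamed
        (share / CANARY_NAME).write_bytes(os.urandom(len(CANARY_TEXT)))
        (docs / CANARY_NAME).rename(docs / (CANARY_NAME + ".encrypted"))
        return sorted(reason for _, reason in check_canaries(manifest))

if __name__ == "__main__":
    print(demo())  # ['missing', 'modified']
```

In practice, plant the canaries in the user folders and mapped shares the post warns about, run the check from a scheduled task, and treat any alert as the signal to disconnect the machine from the network before the backups are touched.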