Case Study: Cryptolocker Ransomware
Keeping your business’s data safe from computer viruses is a crucial part to maintaining uptime. Just one email can cost you thousands of dollars.
A ransomware virus known as Cryptolocker has been infecting businesses through email and can cause crippling data loss. Learn how to keep your organization safe and minimize the risk of infections.
WHAT IS CRYPTOLOCKER?
Cryptolocker is a type of ransomware virus that infects your computer and secretly encrypts office documents, images, and other important files. Once the files are infected, you will receive a message, or “ransom note,” explaining you cannot access your files unless you pay a “fine.”
The files become encrypted and not even an antivirus software can help. Once the files are locked, it’s impossible to recover them.
IT CAN HAPPEN TO ANYONE
Even the most cautious individuals are at risk for Cryptolocker. It even has happened to one of our clients.
Their employees noticed important files were missing, and then the ransom notes started to appear on their computers, demanding they pay a fine to unlock the files.
The Crytpotlocker virus started with emails containing subject lines like, “Here’s that document I was supposed to send you,” made to look like a reply to a previous email. When an employee clicked on the files, nothing would open, however, secretly the infection began to take over.
The virus started on their workstation computers, staying hidden as the employees continued to work. As they accessed other files, the virus spread throughout the IT infrastructure and into their network, infecting their main file storage as well as other computers.
Once the ransom notes started to appear, everyone realized they had a serious problem. By the time our client became aware of the issue, the virus had locked 10% of the files on their server.
WHAT DID STRATEGY DO?
Unfortunately, the only remedy to ransomware infections is to pay the ransom or restore an uninfected backup of the system.
First, we identified the type of attack and communicated the situation to the employees. Next, we quarantined 191 user computers by taking them off the network to stop the virus from spreading further. Twelve computers were removed from the system and rebuilt to eliminate all traces of the virus.
Finally, we restored the server to 2 days prior to the initial outbreak. In total, the company was in quarantine for 36 hours and lost 2 business days’ worth of data and transactions.
WHAT WERE THE NEXT STEPS?
Once everything was restored and virus-free, we implemented new policies.
We identified a weakness in their old policy where they had given admin access to most employee computers. This allowed Cryptolocker greater access to the network. The new policy greatly restricted admin access to a select few users.
HOW CAN YOU AVOID THIS?
Antivirus protection is important, but even a modern, updated antivirus program can have trouble detecting the latest ransomware. With over 850,000 new viruses being discovered every day, it’s a literal arms race to stay protected.
First, user training is critical.
The outbreak started because unknown email attachments were opened. We created a new, strong domain policy to minimize admin access for their staff. We also helped them develop a more comprehensive outbreak process to teach their staff correct procedures in the case of another infection.
We had already been working with the client to maintain their backup systems, which was critical in restoring their office to a working state. Without good backups, they could have lost years of data – a catastrophic loss for any business. With our help, they only lost 2 days of data.
WHAT WILL YOUR STRATEGY BE?
Strategy can help secure your business infrastructure to save you time and money. We review your technology policies to search for any vulnerabilities. If your procedures for virus outbreaks are outdated or non-existent, we’ll create policies to teach users how to help identify an outbreak and minimize the damage.
Contact Strategy to take the first steps in securing your network and training your staff against attacks.
We’ll develop a strategic plan to protect against an infection, and upgrade your backup systems to minimize any losses that might occur.