There is a threat circulating on the Internet that I hope you will never experience. It is called CryptoLocker, and it is a form of ransomware – malicious programs that, when run on your computer, will hold your files or maybe even your entire disk drive hostage until money is paid to unlock it. Horrible but true.
CryptoLocker is just the latest in ransomware, and if you are just learning about this for the first time, consider yourself lucky. Some people reading this have unfortunately already learned about ransomware the hard way. Hopefully you will take what I am about to say seriously, because someday you will get hit by ransomware, and when you do, you will want to try to minimize the damages and disruptions.
As long as the bad guys are making money, the threat of ransomware will not go away. So what can we do to ensure that they are unsuccessful and that you go through as little pain as possible?
The best we can do is:
1) Stay as vigilant as possible and try not to fall for phishing attacks. If something sent to you looks risky, call the sender to determine the validity of the document before you download and open it.
2) Make sure you have an effective anti-virus program running and that it is up to date.
If you fail to do these two things, ransomware can be loaded onto your system, encrypt your files and demand that you pay anywhere from $100.00 to $500.00 to unlock them.
At this point, those files are as good as gone. This is where backup frequency and quality really matter. If you can go to a backup and restore your files, you will want to do this carefully, because you don’t want the malware to also be installed on the new computer where you will be performing the restoration.
Quick sidebar: Keep in mind that if you use a service like Google Drive, Dropbox or even SkyDrive, you have a mirror of your files in the cloud, and if the ransomware encrypts your local files, it will trigger the mirror process and the files in the cloud will also be encrypted. Some services like Dropbox have a Packrat feature that allows you to restore to any previous version of the file, which can help in a situation like this.
You are a wise business person and I can already hear you saying, “Well, if it is only $100.00 or so to pay the ransom, I’d spend more than that on a backup service, so maybe I should just pay it and play the odds of not getting hit again?” This is the wrong approach on so many levels. Here’s the deal: ransomware is just one of the disasters that could happen to you online these days, so it is important to have a solid disaster recovery plan in place. Don’t wait until it is too late.
Think about what you would do if your files were suddenly lost, either maliciously or accidentally. Determine what your action plan would be, and you will be better prepared to handle this scenario should you be faced with it in the future.
Blog by Tim ‘TK’ Keanini at Lancope.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.