First of all, the name Cryptolocker is only a variant of the malicious software called ransomware.The name was made famous as it was one of the first kind of Trojan virus to lock your files and hold them ransom. Hence, the name ransomware.
You've probably heard of someone or some business being victimized by ransomware. You may ask, "So how come so many people or businesses become victims?"
The majority of the ransomware find their way to your computer via phishing attacks. These are attempts by scams to trick you into giving out personal information like credit cards and banking information.
The delivery is typically through an eamil. However, the email usually looks benign like the example below:
There is usually lack of information on the email. In fact, the attachment is not infected therefore the Antivirus and AntiSPAM don't catch them. Now, this is a perfect example of an email you will delete, since you might think "I don't do business with Saudi Arabia!"
Click here to make sure yournetwork security is solid and not vulnerable to any of these malicious attacks.
However, what if the email was a fake email from UPS with an invoice for a delivery from a location your company does business with? Most would be able to tell it's fake and would be more inclined to reply to the email and find out what is happening. The reply will then typically have web links to connect web portals. These web links will not connect to UPS web portal, instead, it will not load a webpage at all but launc behind the scenes a script from the browser. The script will deliver the virus that loads the ransomware software. There are even news reports suggesting ransomware can infect on computer even without the need for user clicking on anything.
"It's hopeless! How can I prevent myself or my company from becoming a victim?!"
Well, it's simple:
1. Make sure your computers and servers are patched
2. Have a good backup with extensive retention periods
3. Ensure the administrator access permissions are limited
So some that might be as simple as picking a lock on your front door. I'm sure you've seen it done a hundred times on TV. "Looks so easy!"
Or is it?
1. Patching requires periodical scheduled action. You must remember every month or two months or automate the patching. "How do you automate it again?"
2. Backup, ok. Which software is the best for that? And how long to extensive?
3. You must engage all your stakeholders to ensure the system will operate properly as you limit administrative access permissions. "Oh, how do yoiu know who has administrative access?"
In my opinion, there is one other aspect for not only preventing ransomware infections but virus infections as well. It is education. Finding the answer in one place is no different than find the answers to the above three questions in one place. It will require time to research the answer.
Talk to us about making sure your network is resilient and solid against malicious attacks such as phishing and cryptolocker. Click below to book an appointment for a network assessment and we can tell you just how vuulnerable your system may be to these.