Attackers are getting smarter, borrowing tactics criminals have used for centuries.  Ransom and extortion have endured because they provoke very personal feelings of dread and loss.  We all know it is a bad idea to pay criminals, but it remains a very effective way for them to get what they want.

Cryptoviruses (ransomware) typically plant a hidden program on a computer that quietly scans the local machine and the network for any file it can reach and modify, including mapped drives and shared folders.
It then encrypts those files with a key that only the attackers hold, locking you and everyone else out of them until the ransom is paid.
To add insult to injury, the attackers give you only a limited time to make that decision, after which the key is withdrawn and you risk losing your data forever.

To complicate things further, the attackers usually demand payment in a cryptocurrency, most often Bitcoin, which a business that has never held any cannot simply buy on the spot.  Exchanges run identity checks before they will take your money, bank transfers take days to settle, and many banks and card issuers block or limit cryptocurrency purchases outright, so getting funds in place can easily take a week or more.  Organisations that do pay often end up draining savings to get their data back.

Making matters even worse (oh yes), the ransom often rises over time, leaving you to guess how much cash you will ultimately need to convert into Bitcoin.  If you do not convert enough and the key expires, you are done.  If you convert too much, turning the surplus back into ordinary currency costs you fees and more waiting.

Doesn’t antivirus help?  Sometimes.  But new ransomware variants appear faster than signature-based antivirus can keep up, and attacks that exploit unpatched (zero-day) vulnerabilities give vendors nothing to detect until after the fact.  In a recent attack against the Toll Group, a relatively new ransomware family known as Nefilim was introduced into their IT systems, rendering them useless for the second time this year.

Education is the best method of protection at this point.  Since these threats arrive as ordinary-looking email, it is important to train users in how to act when they receive a seemingly innocuous message with an attachment or link, especially one that arrives unexpectedly.  It is also an opportunity to use the tools you already have.  Many of the firewalls and mail filters we deploy today can strip or block scripts and macros embedded in documents.  Unfortunately, many clients feel this is a hindrance, because the scripts may be key to the functionality of the attached documents.  However, a script or macro inside an attachment is one of the most common ways the cryptovirus is delivered, so the safer default is to block it and make exceptions deliberately.
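As an added example (not code from the original post, nor from any firewall or mail product mentioned), here is a small Python policy check of the kind a mail gateway applies to each attachment before it reaches a user: it refuses script and disk-image file types outright, detects a VBA project inside a modern Office (OOXML) package regardless of the extension it was given, and sends legacy binary Office files for review because their macros cannot be ruled out without a full OLE parser.  The file names, the `build_ooxml` helper and the sample attachments are constructed for the demonstration.

```python
import io
import zipfile
from typing import Tuple

# Magic number at the start of legacy OLE2 compound files (.doc/.xls/.ppt).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# Local file header signature that every ZIP-based (OOXML) package starts with.
ZIP_MAGIC = b"PK\x03\x04"

# Parts of an OOXML package that hold VBA macro code.
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")

# Extensions that Office itself treats as macro-enabled.
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}

# Script and container types that have no business arriving by email at all.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta",
                     ".ps1", ".bat", ".cmd", ".scr", ".lnk", ".iso", ".img"}


def classify_attachment(filename: str, data: bytes) -> Tuple[str, str]:
    """Return (verdict, reason) for one attachment: 'allow', 'block' or 'review'.

    This is a coarse policy gate, not a malware scanner: it decides whether
    active content is present, not whether that content is malicious.
    """
    name = filename.lower()
    ext = name[name.rfind("."):] if "." in name else ""

    if ext in SCRIPT_EXTENSIONS:
        return "block", "script or disk-image type %s is never accepted" % ext

    if data.startswith(OLE_MAGIC):
        # Legacy binary Office format: macros sit in an OLE stream that this
        # check does not parse, so it cannot prove the file is macro-free.
        return "review", "legacy OLE document; macros cannot be ruled out"

    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as package:
                names = set(package.namelist())
        except zipfile.BadZipFile:
            return "block", "ZIP container is malformed"
        found = [part for part in MACRO_PARTS if part in names]
        if found:
            if ext in MACRO_EXTENSIONS:
                return "block", "VBA project %s present" % found[0]
            # A .docx/.xlsx/.pptx carrying a VBA project is mislabelled; treat
            # the mismatch as hostile rather than trusting the extension.
            return "block", "%s extension hides VBA project %s" % (ext, found[0])
        if any("/embeddings/" in n for n in names):
            return "review", "Office package embeds an OLE object"
        return "allow", "Office package contains no VBA project"

    return "allow", "no active content detected"


def build_ooxml(app: str = "word", with_macro: bool = False) -> bytes:
    """Construct a minimal OOXML-shaped package for the demonstration.

    It has the directory layout Office uses but is not a valid document.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("[Content_Types].xml", "<Types/>")
        package.writestr("%s/document.xml" % app, "<document/>")
        if with_macro:
            package.writestr("%s/vbaProject.bin" % app, b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample attachments, not real captures.
    samples = [
        ("invoice.docm", build_ooxml("word", with_macro=True)),
        ("invoice.docx", build_ooxml("word", with_macro=True)),
        ("report.xlsx", build_ooxml("xl")),
        ("old_contract.doc", OLE_MAGIC + b"\x00" * 64),
        ("scan_0423.js", b"var s = new ActiveXObject('WScript.Shell');"),
        ("notes.txt", b"plain text"),
    ]
    for fname, blob in samples:
        verdict, reason = classify_attachment(fname, blob)
        print("%-18s %-7s %s" % (fname, verdict, reason))
```

The check deliberately decides on what the file contains rather than on its name alone: a `.docx` that carries a VBA project is blocked even though the extension looks harmless, and a legacy `.doc` is never silently allowed because its macro storage is opaque to this check.  A "review" verdict is where the exceptions the text mentions belong, approved case by case rather than by turning the filter off.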

So what do we suggest?  How do you avoid cryptolocker viruses?  Tighten up all of your perimeter defenses.  Make firewall settings as restrictive as you can possibly live with (this includes content filters, blocking known bad sites, and so on).  Ensure that your users have no more administrative rights on their computers than they need: ransomware runs with the privileges of the user who opened it, so an ordinary user account limits what it can reach and modify.  Implement document and content management tools to put an added security layer between your users and your documents.  Schedule regular maintenance windows for security patching.  The old idea of “don’t fix it if it isn’t broken” should be thrown out the window.  Security patches have a purpose and, at a minimum, should be applied as soon as possible after they are released.

The main defense against any kind of virus (which is, for the most part, the digital version of Covid-19) is backups, and specifically backups the virus cannot reach: a copy the infected machine can write to over the network will be encrypted along with everything else, so at least one copy must be kept offline or otherwise unwritable, and restores must be tested before they are needed.
You must align yourself with a proper service provider who has your best interests at the forefront of their mind, 24×7.
It is not enough to consider backups today and get to them when you are ready.
Viruses do not wait until you are ready, and they are very good at striking just as you are getting your backups in order.

Finally, implement a business disaster recovery process in case all of the above fails.
That is another service a trustworthy IT provider should offer, and one that helps when you need it most.