
Cryptolocker Continues to Plague Email Inboxes

Posted November 27, 2013 by Hunter Smith

No matter how many times our email clients warn us about potentially malicious emails, people still seem to open them anyway. Sure, sometimes it's just a harmless link, but opening these emails is how computer viruses spread throughout the Internet and cause damage to countless information systems.

That's why the Cryptolocker malware, a type of ransomware, is thriving despite having become very well known over the past few months. Ransomware gets its name from the scam itself: it holds victims' data hostage and claims that they must pay a ransom to get it back. As you might guess, paying the money is no guarantee that the damage will be undone.

 

What is Cryptolocker?

Cryptolocker is spread by fake emails with attachments such as voicemail.mp3, invoice_scan.jpg and others, which have a hidden file extension that Microsoft Windows executes as a program. As of November 18, there have been more than 12,000 Cryptolocker victims in less than a week, according to research done by security technology company Bitdefender Labs. Once executed, the malware encrypts files on the system using asymmetric encryption, which requires a public (encrypt) and private (decrypt) key pair.

With the files encrypted, the user has no access to them unless the private key is obtained. That key costs money, and the ransom must be paid within a specified timeframe or the private key is destroyed and access is lost forever.

Malwarebytes Unpacked lists the targeted file extensions, which include those commonly found on most PCs today: 3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx.

Even for non-tech people, there are some common, and critical, file extensions on this list. Unfortunately, the ransomware craze may have just begun, and it is getting some serious traction according to an article from SC Magazine:

 

So What Can You Do?

 

There are various web resources providing prevention and mitigation techniques. Below is a collection of the leading practices that are consistent across most of them:

  • Use caution when reading emails from untrusted sources with web links or attachments, as they may execute malicious code when accessed or opened
  • Keep operating system and software patches up to date
  • Ensure that antivirus and anti-malware software update automatically
  • Regularly back up information and systems to reduce the impact if an infection occurs
  • Implement a Software Restriction Policy to protect against various types of malware, not just Cryptolocker
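
A mail gateway or triage script can automate part of the first practice by flagging attachment names where a decoy extension such as .jpg or .mp3 sits in front of one that Windows runs as a program. The Python below is an added example, not code from the original post; it goes one step beyond the post by also checking file names inside ZIP attachments, and the extension sets, function names and sample ZIP are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows runs as programs (assumed, non-exhaustive list).
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd"}
# Decoy types: the post's attachment examples plus common document types.
DECOY = {"mp3", "jpg", "pdf", "doc", "docx", "xls", "xlsx"}


def classify(filename: str) -> str:
    """Return 'hidden-executable', 'executable' or 'ok' for one file name."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots and spaces, so "a.exe. " still runs as a.exe.
    base = base.rstrip(". ").lower()
    exts = [part.strip() for part in base.split(".")][1:]
    if not exts or exts[-1] not in EXECUTABLE:
        return "ok"
    # With "Hide extensions for known file types" on, Explorer shows only
    # the decoy extension, so the file looks like a picture or a voicemail.
    if len(exts) >= 2 and exts[-2] in DECOY:
        return "hidden-executable"
    return "executable"


def scan_attachment(filename: str, data: bytes) -> list[tuple[str, str]]:
    """Classify an attachment and, if it is a ZIP, every member name in it."""
    findings = [(filename, classify(filename))]
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            findings += [(f"{filename}!{m}", classify(m)) for m in zf.namelist()]
    return [f for f in findings if f[1] != "ok"]


def sample_zip() -> bytes:
    """Constructed sample: a ZIP with one harmless and one disguised name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "constructed sample")
        zf.writestr("docs/invoice_scan.jpg.exe", "not a real program")
    return buf.getvalue()


if __name__ == "__main__":
    for name in ("voicemail.mp3", "invoice_scan.jpg.exe", "setup.exe"):
        print(name, "->", classify(name))
    print(scan_attachment("scan.zip", sample_zip()))
```

A name-based check like this only catches the disguise; it complements, rather than replaces, the antivirus and Software Restriction Policy items in the list.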

In the end, many think that the simplest way to make this go away is to make sure that the ‘bad guys’ don’t get any money. Trouble is, logic may be the first thing out the window when talking to someone who just found out his or her data is being held hostage.

If you need to study up, there is a growing online library of information like this full overview from bleepingcomputer.com.

 

Other Resources

There are many security vendor resources and blogs that are keeping information up-to-date on the activities of Cryptolocker. Below are just some of the ones that can be referenced for this information.

 

So tell us, have you come across this issue yourself? What was the result?


As Chief Information Officer (CIO), Hunter is expected to take Continuum's IT operations to the next level of performance as our company continues its rapid growth and expansion. Most recently, Hunter served as Senior Vice President and Chief Technology Officer for Acadian Asset Management. Prior to Acadian, Hunter held positions at Plymouth Rock Companies as Director of Enterprise Technology Services as well as positions at Hobbs/Madison, MFS Investment Management and CSC Consulting. Hunter has a bachelor’s degree in computer science from Dartmouth College. He is responsible for all IT resources for Continuum’s U.S. and India locations.
