Three Ways to Avoid Cryptolocker Malware

30 April 2019 by Charlotte Greene

Cryptolocker is a Trojan horse malware threat that has gained notoriety over the last few years, after it was first used to maliciously attack Windows devices in 2013.

But how does this attack work and what could it mean for you and your business? Crucially, how can your organisation prevent an attack which could have a detrimental effect on your business data?

Let’s find out.

How does Cryptolocker work?

Cryptolocker is a type of ransomware typically spread through infected email attachments. As a Trojan horse, it infects computers running Microsoft Windows and searches for files to encrypt. This includes anything on your hard drive and all connected media, e.g. your USB sticks and shared network drives.

When a computer is infected, the malware contacts a central server for the information it needs to activate. Files on the infected computer are then ‘locked’ with that information using asymmetric encryption. This encryption relies on two ‘keys’: a public key and a private key. Hackers encrypt your data using the public key, but it can only be decrypted using the private key they hold. When the files are encrypted, you’ll receive a message from the hacker asking for payment to decrypt the files. The hacker threatens to destroy your information if the ransom isn’t paid.

As with every cyber-attack, prevention is better than cure. So, what are the best practices your organisation can undertake and maintain to ensure you don’t fall victim to Cryptolocker?

1. Back up everything

This is pretty obvious but is often overlooked. We recommend using cloud storage backup, like eCloud® from UKFast. Cloud storage allows you to restore previous versions of your files and is the safest method to keep control over your data.

Failing this, keep your backups separate on an external drive or backup service. This is the fastest way to regain access to your files if an attack occurs, so make sure you deploy and maintain a comprehensive backup solution.

2. Monitor servers and applications

It’s vital to make sure all your applications are patched and up to date with the latest official updates. You also need to be aware of what’s going on in your server environment. If your CPU is constantly running at 100%, or your file share servers are under heavy load for no apparent reason, spotting that unusual behaviour quickly is key. Monitoring your servers for such signs means you don’t end up having to restore your entire file server.

3. Educate staff and manage privileges

Effective cybersecurity always comes back to education. Training your staff on good email practice is vital to preventing Cryptolocker attacks. It’s important to implement procedures from the bottom up.

  • Start with how to detect a malicious or fake email request. Make sure your staff understand and can recognise suspicious content, and know not to open anything unusual.
  • Don’t run an unidentified .exe file received by email, and treat suspicious invoices and Word documents attached to emails the same way.
  • Manage admin privileges among your network’s users – not everyone needs access to everything. If your system is hit by Cryptolocker, you will need to know as quickly as possible which of your users ran the malicious file.
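
One way to put the monitoring in step 2 and the "which user ran it" question in step 3 into practice, as an added example that is not UKFast's code: flag any account that changes an unusually large number of distinct files on a share within a short window. The log format, user names, paths and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed audit lines in an assumed 'time,user,action,path' format."""
    start = datetime(2019, 4, 30, 9, 0, 0)
    lines = []
    for i in range(4):   # alice: normal work, one save every 15 minutes
        t = start + timedelta(minutes=15 * i)
        lines.append(f"{t.isoformat()},alice,WRITE,S:/finance/report{i}.xlsx")
    for i in range(40):  # bob: 40 different files rewritten in 40 seconds
        t = start + timedelta(minutes=20, seconds=i)
        lines.append(f"{t.isoformat()},bob,WRITE,S:/shared/doc{i}.docx")
    return sorted(lines)  # ISO timestamps sort chronologically

def find_write_bursts(lines, window_seconds=60, max_files=25):
    """Map each user who changed more than max_files distinct files inside
    one sliding window to (start of that window's activity, file count)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # user -> (time, path) events still in window
    alerts = {}
    for line in lines:
        stamp, user, action, path = line.strip().split(",", 3)
        if action not in ("WRITE", "RENAME") or user in alerts:
            continue
        now = datetime.fromisoformat(stamp)
        events = recent[user]
        events.append((now, path))
        while now - events[0][0] > window:  # drop events older than the window
            events.popleft()
        distinct = {p for _, p in events}
        if len(distinct) > max_files:
            alerts[user] = (events[0][0], len(distinct))
    return alerts

if __name__ == "__main__":
    for user, (since, count) in find_write_bursts(build_sample_log()).items():
        print(f"ALERT {user}: {count} files changed since {since.isoformat()}")
```

The alert carries the account name and the time the burst began, which is the information needed to isolate the affected machine and decide which backup versions to restore from.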

Want to know more about how you can protect your business from Cryptolocker? We take your security seriously at UKFast. Our wide range of security solutions is designed to help protect your business from malicious online threats.