Hundreds of companies across Australia are being affected by Cryptolocker ransomware. Ransomware is malware that first encrypts all of your files and then demands a ransom before restoring them.
In most cases, paying the ransom lets the perpetrators know that you are willing and able to cough up the money. This will encourage them to come back for more!
How does this malware get on your network? Phishing email scams are the most likely entry point for ransomware. Emails that look like genuine correspondence from companies such as Australia Post or Telstra entice users to click links that, to the untrained eye, appear to do nothing. Once that link is clicked, the process of infection has begun.
Why is your AV not detecting it? Traditional anti-virus works by comparing the programs running on your computer against a database of known malware signatures. It has to have the signature in its database in order to detect the malware running and remove it from your system. New variants of ransomware are created all the time, making it almost impossible for your AV signature database to keep up.
What can you do?
Prevention is better than Cure!
Your employees are your first line of defense. Educate them on how to detect Phishing scams to avoid becoming victims of malware.
Utilise a zero-day attack prevention mechanism that does not rely on signatures to detect malware. These systems can run suspicious looking files in a “sandbox” environment, isolated from your files, to diagnose whether the executable is malicious or safe.
If the sneaky bugger gets past your defences...
Appliances that conduct behavioural analytics will be able to identify whether a particular user is accessing files in a suspicious or unusual manner. Malware systematically accessing and encrypting files will be identified as suspicious. Once this behaviour is recognised, some appliances can be set to automatically block access for the infected user or throttle their access. This can give your IT department time to disconnect the device from the network and limit the number of files accessed by the malware.
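To make the behavioural-analytics idea concrete, here is an added example (not code from the original post or from any appliance vendor) of the core rule such a system applies: watch file-share audit events per user, count how many distinct files each user writes or renames inside a short sliding window, and raise a finding when the count is far beyond normal human editing. The window length, the file threshold, the event format and the two users are all assumptions constructed for the demonstration; "alice" works normally, while "bob" represents a workstation on which ransomware is walking a share.

```python
from collections import defaultdict, deque

# Assumed tuning values (not from the original post): a 10-second sliding window
# and a finding once more than 25 distinct files are modified inside it.
WINDOW_SECONDS = 10
FILE_THRESHOLD = 25
SUSPICIOUS_OPS = {"WRITE", "RENAME"}


def build_sample_events():
    """Constructed file-share audit events as (timestamp_s, user, operation, path)."""
    events = []
    # alice: ordinary work, one save roughly every 12 seconds.
    for i in range(10):
        events.append((i * 12, "alice", "WRITE", f"//fs01/finance/report_{i}.xlsx"))
    # bob's workstation is infected: the malware rewrites and renames 40 files in 4 seconds.
    for i in range(40):
        t = 30 + i * 0.1
        path = f"//fs01/shared/doc_{i}.docx"
        events.append((t, "bob", "WRITE", path))
        events.append((t, "bob", "RENAME", path + ".encrypted"))
    events.sort(key=lambda e: e[0])  # stable sort keeps each WRITE before its RENAME
    return events


def detect_mass_modification(events, window=WINDOW_SECONDS, threshold=FILE_THRESHOLD):
    """Flag users who modify more than `threshold` distinct files within `window` seconds.

    Returns {user: {"first_alert": ts, "peak_files": n}} for each flagged user.
    """
    recent = defaultdict(deque)  # user -> deque of (ts, path), oldest first
    findings = {}
    for ts, user, op, path in events:
        if op not in SUSPICIOUS_OPS:
            continue  # reads alone are not evidence of encryption in this rule
        q = recent[user]
        q.append((ts, path))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop events that have fallen out of the window
        distinct = len({p for _, p in q})
        if distinct > threshold:
            f = findings.setdefault(user, {"first_alert": ts, "peak_files": distinct})
            f["peak_files"] = max(f["peak_files"], distinct)
    return findings


def recommend_response(findings, threshold=FILE_THRESHOLD):
    """Map each finding to the containment step the post describes: throttle the
    account's share access, or block it outright when the rate is extreme."""
    return {
        user: ("block" if f["peak_files"] >= 2 * threshold else "throttle")
        for user, f in findings.items()
    }


if __name__ == "__main__":
    found = detect_mass_modification(build_sample_events())
    for user, action in recommend_response(found).items():
        print(f"{user}: {found[user]['peak_files']} files in {WINDOW_SECONDS}s -> {action}")
```

Only "bob" is flagged: all 80 of his written and renamed paths fall inside one window, so the response is an outright block, which is the window in which the IT department can pull the device off the network. A real appliance would add per-user baselines and honeypot files, but the sliding-window count is the heart of the detection.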
Ensure that you have endpoint protection. In order to detect which computer on your network has introduced the malware, you need to protect your endpoints. This will help you isolate the device from the network before it encrypts everything and allow you to remove the malware from the infected device.
Ensure you have an adequate business continuity plan in order to minimize downtime and its associated costs to your business.