Anyone that knows us here at CSS understands we don’t overreact to virus threats. Throughout the years there have been a few that have caused mayhem but it is rare that one comes along that will destroy a business. Cryptolocker is a serious threat to every business.
We have written about Cryptolocker before, but we feel we must reiterate how dangerous this threat is. Cryptolocker is malware that infects Windows computers through a web link, a zip file, or another delivery method. Once that “application” is launched it quietly begins encrypting every file it can find. The infected user may or may not notice, so the damage can continue unseen and destroy every file that user has access to. In a corporate network environment that means every client file, every research document, every database, ANYWHERE that user has access. It also means the files you are using can be encrypted by someone else on your network. Macs are not directly infected by the virus, but their data can still be encrypted by an infected Windows user who has access to the same data. We cannot overstate how destructive this virus is: imagine every file you or your coworkers have ever created becoming encrypted. There are no tools to decrypt the files; unless a ransom system is in place and a third party decrypts them, they are gone. It’s not like recovering a deleted file. With that being said, what can you do to mitigate this threat?
If a user detects, or even suspects for a second, that they may have opened some malware that launched this virus, it is imperative that they IMMEDIATELY pull the power plug on their computer and unplug their network cable, then call a support professional to minimize the damage. (Here is a link to the Wikipedia article “Cryptolocker”.) Communicate this to everyone who uses your network; even cloud files can be encrypted if they are shared or mapped to a Windows computer.
Prevention and planning are the best way to stay ahead of this threat. The first wave of Cryptolocker started in 2013, and it has since morphed and been released in various forms; we expect this threat to be around for a long time.
Email and firewalls. At a minimum, every Windows-based computer needs antivirus (even though several products did not, and still do not, detect this virus). All incoming email should go through a filtering service that blocks malware, grades spam, uses greylisting, and scans for virus threats. Your business should have a business-grade firewall and a subscription to a gateway antivirus/malware solution. We have used and endorsed Sonicwall for years, and it is highly effective at blocking and mitigating this threat. A gateway solution can be kept updated continuously, while user antivirus apps sometimes go months without an update. These threats need near-instantaneous response: if a new variant comes out in an hour, your vendor had better have a patch by the end of the day. A gateway solution is worth every penny and, in our opinion, more important than local antivirus on the computer, although laptops that leave the premises still need antivirus.
Archive your data! If you have client files or data that you keep for extended periods and that don’t need to be edited, move them to a secure archive. Create a separate archive location where users either have no access or read-only access, to prevent damage to those archives. Have a super-user/admin-level login that is used only to move files into the archive. Another option is to place the files on an external device and remove it from the network/PC after archiving.
Backups, Backups, Backups. These are your number one failsafe if you become infected. A simple backup that copies files to another location, or a simple external USB backup, won’t help you. If the computer that becomes infected can see the files (even backup files) they will become encrypted. Backups should be remote, isolated to a dedicated backup user, and versioned with archival backups. If you have just one backup copy, it is highly likely you will overwrite your good data with the encrypted files before you notice the effects of the encryption. Every company and user should have daily, weekly, and full monthly archival copies. We encourage our customers to have 6-month and annual copies as well. Remember! These backups should be remote, not available via a shared drive, and the only permissions should be for the backup user. In recent months we have had multiple occurrences of Cryptolocker; fortunately our clients have been using our methods and our backup product ZenGuardian to push their data onto remote servers, and recovery has been available. Recovery is not pleasant or easy, and restoration may take hours, or even days, depending on the amount of data affected. If you have hundreds of gigabytes, or terabytes, of information on your backups, you will need a fast path to restore your data; that’s where a local mirror plus an offsite copy of the backups will help.
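The versioned, isolated backup described above, as an added example written for this post (it is not CSS code and not the ZenGuardian product): the backup host pulls from the client so the client never has a write path to the snapshots, each day becomes a complete restorable tree with unchanged files hard-linked, and a daily/weekly/monthly retention policy decides which snapshots to keep. It assumes a POSIX backup host and the hypothetical function and directory names shown.

```python
"""Pull-style versioned snapshots with daily/weekly/monthly retention.
Added example for this article, not CSS code. Assumption: this runs on the
backup host, which reads from the client; the client (and any ransomware on
it) has no write access to backup_root, so older snapshots stay intact."""
import os
import shutil
import datetime as dt


def make_snapshot(source: str, backup_root: str, when: dt.date) -> str:
    """Copy `source` into backup_root/YYYY-MM-DD. Files unchanged since the
    previous snapshot are hard-linked, so every snapshot is a complete,
    independently restorable tree that costs only the changed bytes."""
    os.makedirs(backup_root, exist_ok=True)
    snaps = sorted(s for s in os.listdir(backup_root) if s < when.isoformat())
    prev = os.path.join(backup_root, snaps[-1]) if snaps else None
    dest = os.path.join(backup_root, when.isoformat())
    for dirpath, _, files in os.walk(source):
        rel = os.path.relpath(dirpath, source)
        os.makedirs(os.path.join(dest, rel), exist_ok=True)
        for name in files:
            src = os.path.join(dirpath, name)
            dst = os.path.join(dest, rel, name)
            old = os.path.join(prev, rel, name) if prev else None
            same = (old is not None and os.path.exists(old)
                    and os.path.getsize(old) == os.path.getsize(src)
                    and int(os.path.getmtime(old)) == int(os.path.getmtime(src)))
            if same:
                os.link(old, dst)       # unchanged: share the data, no new copy
            else:
                shutil.copy2(src, dst)  # new or changed (e.g. freshly encrypted)
    return dest


def snapshots_to_keep(dates, today, daily=7, weekly=4, monthly=12):
    """Which snapshot dates to retain: every one of the last `daily` days,
    plus the newest snapshot of each of the last `weekly` ISO weeks and of
    the last `monthly` months. Everything else may be pruned; the 6-month
    and annual copies the article recommends are one more tier of this."""
    keep = {d for d in dates if 0 <= (today - d).days < daily}
    by_week, by_month = {}, {}
    for d in sorted(dates):                   # later dates overwrite earlier
        by_week[d.isocalendar()[:2]] = d      # (iso_year, iso_week) -> newest
        by_month[(d.year, d.month)] = d
    keep.update(sorted(by_week.values())[-weekly:])
    keep.update(sorted(by_month.values())[-monthly:])
    return sorted(keep)
```

Because an encrypted file has a new size and modification time, it is stored as a new copy while the previous day's clean version stays untouched in the older snapshot.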
As always, we here at CSS are ready to help; we prefer preventative methods, but when it all goes downhill, give us a call.