"Nice filesystem you've got there. Be a shame if anything... happened to it. Know what I mean?"

It's a stock phrase used by thugs in extortion rackets in countless movies, TV shows, and video games.

It's also exactly the threat that Cryptolocker presents. Cryptolocker is malware that, when activated, encrypts every file it can write to and holds the decryption key hostage. If you pay the thugs the extortion money before the clock runs out, they give you the key and you get your files back. If not, your files are gone for good.

The media love using the countdown timer in Cryptolocker as a backdrop while talking about this new threat and how the government should be doing something about it.

Except of course that it isn't really new. It's just the latest way criminals have found to monetise malware now that the fake-antivirus market is drying up. And it won't be the last.

Don't get me wrong, it really is a serious problem both for individuals and for business, but it is relatively easy to avoid, and even possible to recover from without paying the criminals, provided you plan ahead. Here's the plan:
1. Patch everything.

Most malware uses known vulnerabilities in operating systems and software applications to take over your computer. If those vulnerabilities are patched, the initial attack is blocked.
2. Run current and up to date antivirus on all computers.

If the criminals can't use an unpatched vulnerability, they will try to install the malware by tricking you into clicking on a bad link or opening a bad attachment. If you are running a current antivirus solution from any reputable vendor, the vast majority of this sort of malware will be blocked before it can run.
3. Make regular backups and ensure the backups are offline.

Even in the worst case, where the malware has encrypted all of your files, the criminals aren't the only place you can recover them from if you have a recent backup. While it's very convenient to keep a USB backup drive connected so the copies are always being made, if you can write to that drive then so can the malware. After you've made a backup, disconnect the backup drive.
4. Restrict user access to read-only everywhere except where required.

Cryptolocker will encrypt every file on every network fileshare it can write to. In a business, most users should not have full write access to all the corporate data repositories. Restrict access either at the share level or the filesystem level.
5. Have a response plan.

When the worst does eventually happen and all the protective controls fail, having a plan means you won't make the situation even worse by panicking.
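As an added example (not code from the original post), here is a small Python audit for step 4: it walks a share's directory tree and reports every directory that is writable by more than its owner and is not on an allowlist of intended drop areas. It assumes the share is hosted on a POSIX filesystem (a Samba or NFS export) so that mode bits stand in for share and NTFS permissions; on a Windows file server the same check would be run against the ACLs instead. The share layout and allowlist below are constructed sample data.

```python
import os
import stat
import tempfile
from pathlib import Path

# Write permission bits for group and others. A directory with either set is
# writable by more than its owner, which is exactly the reach Cryptolocker
# gets when any user in that group runs it.
BROAD_WRITE = stat.S_IWGRP | stat.S_IWOTH


def broadly_writable_dirs(root, allowed=()):
    """Walk `root` and return the directories (relative, POSIX style) whose mode
    grants group or other write access and that are not under an allowed prefix.

    `allowed` lists the relative directories that are *meant* to be writable
    (drop boxes, working areas). Anything else that is writable is a finding.
    Mode bits are read directly rather than via os.access(), so the result does
    not depend on who runs the audit (root would pass os.access() everywhere).
    """
    root = Path(root)
    allowed = tuple(a.strip("/") for a in allowed)
    findings = []
    for dirpath, _dirnames, _filenames in os.walk(root):
        rel = Path(dirpath).relative_to(root).as_posix()
        rel = "" if rel == "." else rel
        mode = os.lstat(dirpath).st_mode
        if not mode & BROAD_WRITE:
            continue
        if any(rel == a or rel.startswith(a + "/") for a in allowed):
            continue
        findings.append(rel or ".")
    return sorted(findings)


def build_sample_share(base):
    """Create a constructed share layout (sample data, not a real file server)."""
    layout = {
        "finance": 0o750,              # group can read but not write: correct
        "finance/archive": 0o775,      # group-writable: finding
        "hr": 0o755,
        "engineering": 0o755,
        "engineering/scratch": 0o777,  # world-writable and not allowed: finding
        "public": 0o755,
        "public/dropbox": 0o1777,      # deliberately writable: on the allowlist
        "public/dropbox/old": 0o777,   # under an allowed prefix: not a finding
    }
    # Create everything first, then set modes, so that restrictive modes on a
    # parent never block creation of its children and the umask plays no part.
    for rel in layout:
        (Path(base) / rel).mkdir(parents=True, exist_ok=True)
    for rel, mode in layout.items():
        os.chmod(Path(base) / rel, mode)
    return layout


def audit_sample(allowed=("public/dropbox",)):
    """Build the sample share in a temp dir and audit it against `allowed`."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_share(tmp)
        return broadly_writable_dirs(tmp, allowed=allowed)


if __name__ == "__main__":
    for d in audit_sample():
        print("writable beyond owner and not on the allowlist:", d)
```

Run it against the real share root as a scheduled job and diff the output over time: every directory it lists is one that a single infected user account in that group could encrypt, and each should either be tightened to read-only or consciously added to the allowlist.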
Remember, the threat over the next few weeks is no different from the threat over the last few weeks, or months, or years! The media just has a new bone to chew on, but the defences are exactly the same as they have always been. Just don't pay the criminals.