Cryptolocker Is Evolving...and It’s Getting Smarter

Posted November 24, 2014 by Hunter Smith

Viruses, diseases and bacteria evolve in our natural world, so it’s only fitting that malware, hacker scams and computer viruses evolve too. By now, you’re hopefully familiar with the Cryptolocker virus, a type of ransomware that will hold your files hostage until you pay a ransom in the form of currency and/or Bitcoins. However, the latest versions show that it has become smarter – which can be a bit scary for MSPs and IT security professionals.

How Has Cryptolocker Changed?

While the computer virus isn’t evolving on its own, hackers have adapted the scam in hopes of increasing its effectiveness.

The latest version now lets you view a list of your encrypted files and gives you the option to decrypt one of them completely free of charge. What a deal, huh?

Here’s an example of one of these scams. Notice the “One free decrypt!” button below the timer.

[Image: example Cryptolocker ransom screen]

Source: http://regmedia.co.uk/2014/11/18/dg0uvit.png.


Why One Free Decrypt?

Cryptolocker does a very effective job of scaring you into paying the ransom. It threatens to double the cost to unlock every 24 hours, and also says that the private decryption key will be deleted in 30 days, creating a sense of urgency.

But who actually trusts a piece of malware to do what it says it's going to do?

Well, that’s exactly the goal of this “One Free Decrypt” option. If a user can safely decrypt one of their files, it helps them trust the program. They may say to themselves, “Hey, this program may actually give me my files back at the end of this.” Instead of risking their files being lost forever and/or the price doubling, the user may just pay the $500 ransom fee in hopes of being done with it. 

I can’t stress this enough: DON’T PAY!!! No matter how many free files they give you back.

What to Do If You Are Infected

Think it can’t happen to you? It happened to the City of Detroit. Ransomware can hit anyone and it’s important to know what to do if you are infected. 

I wrote a blog on this topic about a year ago and provided 4 steps to take after a Ransomware infection. These same steps still apply for the newer versions of Cryptolocker.

Here’s a quick recap from that post.

  1. Ignore the ransom demand – Don’t even think about paying the ransom. There’s no guarantee they’ll return your files afterward, and it could just lead to you becoming further infected.
  2. Remove the ransomware from your computer – While Cryptolocker may seem threatening, it’s just like any piece of malware. There are a number of companies and tools that specialize in removing malware. It’s wise to remove the ransomware as soon as possible in order to minimize the risk of your device becoming further infected.
  3. Update your antivirus and anti-malware software and patch your OS – If you became infected, there’s a good chance it was because your protection software was out-of-date. Make sure you update immediately after an infection of any kind.
  4. Update your passwords – There’s no telling what sorts of info the malware program had access to while your device was infected. Changing your passwords is a good idea in order to ensure additional security moving forward.

For more info on these steps, you can check out my original blog post.
 

Always Back Up Your Files

Another important tip to remember is to always back up your files. There’s a good chance that you will suffer some file loss and/or damage after an infection, which is why you should always have backups on an external system, either another hard drive or in the cloud – or both. If your files are taken hostage, the copies will be safe in another location.

I wrote another blog post about how to avoid a Cryptolocker infection, which provides some proactive measures you can take to help prevent an infection. I recommend giving that one a read as well.

 

Conclusion

Malware is constantly changing. Hackers are smart and have many strategies for infecting machines. Additionally, most of these scams try to take advantage of human error, rather than errors in security software. It’s important to stay aware of the most relevant and most common forms of malware in order to best protect yourself. Also, be sure to keep your security software and OS patches up-to-date, as those are often updated based on recent security vulnerabilities.

Lastly, if you do find yourself infected with Cryptolocker, DO NOT PAY! Follow the steps above ASAP and you should be able to get your files back with minimal damage.

As Chief Information Officer (CIO), Hunter is expected to take Continuum's IT operations to the next level of performance as our company continues its rapid growth and expansion. Most recently, Hunter served as Senior Vice President and Chief Technology Officer for Acadian Asset Management. Prior to Acadian, Hunter held positions at Plymouth Rock Companies as Director of Enterprise Technology Services as well as positions at Hobbs/Madison, MFS Investment Management and CSC Consulting. Hunter has a bachelor’s degree in computer science from Dartmouth College. He is responsible for all IT resources for Continuum’s U.S. and India locations.
