Fighting CryptoWall – The ransomware battles continue!

By NE Docs | July 13, 2016

In the fall of 2014, a relatively large New Hampshire manufacturer had all of its Windows-based computers attacked by a hideous computer virus. All company data was locked up, completely inaccessible and held for ransom. Virtually all operations had to shut down. A text message appeared on every screen of the company’s 100+ workstations. It was a simple set of instructions for how to pay a ransom in Bitcoin in order for the data to be safely unlocked and restored.

Because of very high production overhead costs, the situation was urgent and dire. Every hour of lost production was draining the firm of thousands of dollars. They had 2 lousy choices: Pay the ransom or call in a computer security/forensics team to attempt to isolate and solve the problem – which would take too much time and additional money.

A decision was made to pay the ransom – a hefty sum but low enough to make immediate payment for such an enterprise feasible. These criminals know what they’re doing. Fortunately for the manufacturer, the data was unlocked as the note promised. Oh, isn’t that nice of those cyber criminals? Pick an innocent target, transparently extort them, leave them injured, and get away with it! The company has since taken robust and costly preventive security measures.

Ransomware threats adapt and evolve.

The particular malware in this true story is called Cryptolocker, a type of ransomware which basically kidnaps your data and holds it for ransom. Cryptolocker posed a very high threat to businesses and individuals during 2014 and 2015. According to CNN-Money, the FBI, foreign law enforcement and private security companies collaborated to cut off communication between the Cryptolocker botnet and victims’ devices. Essentially they seized Cryptolocker’s servers and replaced them with their own benign ones. But that only stopped the virus’s delivery system.

Another form of ransomware, a copycat of Cryptolocker called CryptoWall, has emerged and is wreaking similar havoc, but CryptoWall presents a unique and current threat. Unless it is detected and stopped prior to malicious encryption, your data could be lost forever. Its decryption key is separate from its encryption key and cannot be traced back from it.

CryptoWall spreads mainly through phishing scams and spam campaigns that tempt users to click an infected link or open an e-mail attachment. The CryptoWall cyber-criminals seem to be rather marketing-savvy, as they’ve also included code in website ads to increase the virus’s distribution. It even uses localized messages to target its victims. Once access to your network is gained, you’re in for a major hassle or worse.

Protect your data from ransomware!

Sophisticated malware such as CryptoWall has the advantage of advanced infrastructures that can resist counterattacks. These criminals are using multiple servers and setting up layers of defenses that significantly delay take-down efforts by the “good guys,” so your first protection is a good defense.

How do you defend your business against CryptoWall and other ransomware? Fortunately, you can take preventive measures, which include malware awareness and prevention techniques. Heimdal Security, a global data protection firm, suggests several common-sense steps you can take to prevent CryptoWall from infecting your computer and network:

  • Never access links in e-mails from people you don’t know and do not click links in e-mails from unknown e-mail addresses. This is the primary CryptoWall entry point.
  • Back up your important data and keep the backup in a different location from your actual operating system. If your OS is infected with CryptoWall, you will not be able to access a backup stored on the same system.
  • Make sure your security solution detects and blocks CryptoWall. Ask your security specialist specifically about this.
  • Adjust your browser security settings for higher malware protection levels online.
  • Keep your Windows operating system and your vulnerable software up-to-date with the latest security patches.
  • Keep your anti-virus and anti-malware software up to date.

These are just some of the basics of ransomware protection. If it’s too late and your network has been infected by CryptoWall, your best bet may be to hire a computer forensics specialist to isolate and remove the virus as well as decrypt your files. Most official authorities advise that you do not pay the ransom because it only encourages more of the same crime, increasing security threats and costs to everyone.

New England Document Solutions can provide your organization with a solid backup solution for all of your important data and documents, even in the event of a ransomware attack. Our ImageSilo cloud-based enterprise content management (ECM) system keeps your data backed up offsite in triple redundancy. Your files are safe and accessible on demand in the cloud. You can enhance your security, gain instant access to data, and simplify your recovery if your system is ever hacked.

Do you have questions or concerns about CryptoWall and other malware? We’re always here to help and welcome your inquiries.
