The FBI’s Internet Crime Complaint Center (IC3) has issued an alert warning businesses and individuals about the continued spread of cryptographic ransomware.
Ransomware is a type of malware that restricts access to the computer system it infects and demands that a ransom be paid to the creators of the malware to have the restriction removed. The two most popular forms of ransomware — CryptoLocker and CryptoWall — have totally changed the landscape of computer malware in the last year and a half.
When CryptoLocker and CryptoWall infect a system, they encrypt any personal files and documents they find with a secret encryption key and delete the originals. They then pop up a polite, professional wizard asking you to spend money to get your files back.
The high infection rates, in conjunction with the fact that as many as 30 percent of the victims end up paying the ransom, have made CryptoLocker and CryptoWall the most profitable ransomware created to date. Additionally, these easy profits pretty much guarantee a very long lifetime, with new spin-offs and variants popping up every week in an effort to avoid detection and keep this money-making machine alive.
CryptoLocker usually starts out like most other malware, as a drive-by download or an email attachment. For this reason, the safest and most effective way to block it is by using a good anti-spam solution combined with a good Web filtering solution.
CryptoLocker and its variants mainly target personal files, such as documents, photos, and videos. With so many variants surfacing all the time, it is important to have reputable antivirus software in place that updates its definitions regularly. The high infection rates illustrate the importance of keeping computers up to date so that patches for old security flaws are applied in a timely fashion.
Continued security awareness training for employees is also crucial. Do not click on links inside emails, and avoid opening attachments unless you are sure about the source. It is very important to understand that navigating to a malicious website under certain circumstances can be enough to start an infection: no need to download and run a file, no need to click anything once there. Malicious ads on a website can be enough to get you infected. This is why security education plays a major role in preventing infections from happening in the first place.
In some scenarios, it is necessary to wipe a machine clean and restore the infected data from a backup. Security is all about layers, so backups with different, frequent recovery points are another layer to make sure that your data will always be there when you need it.