London Computer Centre Ltd 0207 7800 100

LCC.'s IT News Blog

Cryptolocker Prevention

Posted in IT News

Cryptolocker is a nasty recent incarnation of ransomware. It encrypts data on your PC and gives you 72 hours to pay a ransom in Bitcoins or Moneypak to have the data decrypted.

It is often transmitted through spam email with headings claiming to come from UPS, "USPS - Missed package delivery", or a message such as "Scan from a Xerox WorkCentre". Otherwise this malware can infect machines through infected websites ('drive-by attacks') or through machines already infected with trojans.

 

To avoid losing data it is a good idea to do or have the following:

Make sure you have backups of your data through a secure program with encryption such as Acronis or Arcserve, or through a cloud service. Windows XP SP2 to Windows 8 users should check that System Restore is on and working, as you may be able to recover your data using this after an infection.

Make sure your antivirus is up to date (though I have known this virus get around well known and respected anti-virus packages despite heuristics). Does it have a spam filter, or is your spam filtered at server level? The virus may still get through if its signature has changed or through a previously unknown security hole in the user's OS or in a program (a 'zero day attack').

Importantly, deploy security policies through Active Directory on your Windows server, or on your local machines if you do not have a server. See the links below on how to achieve this or call LCC to do it for you. Test these policies to make sure your programs can still function correctly, as you may need to add exception rules.

Does your Exchange server have a decent spam filter to catch the emails which are likely to have these and other nasty attachments? Alternatively, you can use a hosted solution. Contact us for details.
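
As an added example (not from the original post or the linked kits), the PowerShell audit below can be run on a test machine before the policies go live to list the programs that would stop working and so need exception rules. It assumes PowerShell 3.0 or later and a policy that blocks .exe files directly inside %AppData% and %LocalAppData% and in their immediate subfolders; check the rules in the kit you actually deploy.

```powershell
# Added example: pre-deployment audit for exception rules.
# Assumption: the policy blocks <root>\*.exe and <root>\*\*.exe for the two
# roots below. Adjust to match the rules in the kit you deploy.
$roots = @($env:APPDATA, $env:LOCALAPPDATA) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

function Get-ExeAtBlockedDepth {
    param([Parameter(Mandatory = $true)][string]$Root)

    # The root itself (rule form <root>\*.exe) plus its immediate
    # subfolders (rule form <root>\*\*.exe). Deeper folders are not covered.
    $dirs = @(Get-Item -LiteralPath $Root -Force) +
            @(Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue)

    foreach ($dir in $dirs) {
        Get-ChildItem -LiteralPath $dir.FullName -Filter *.exe -File -Force -ErrorAction SilentlyContinue
    }
}

$report = foreach ($root in $roots) {
    foreach ($exe in (Get-ExeAtBlockedDepth -Root $root)) {
        # Signature details help decide whether a file deserves an exception.
        $sig = Get-AuthenticodeSignature -FilePath $exe.FullName
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        [pscustomobject]@{
            Path      = $exe.FullName
            Root      = $root
            Signature = $sig.Status      # Valid, NotSigned, HashMismatch, ...
            Signer    = $signer
            Modified  = $exe.LastWriteTime
        }
    }
}

# Each row is a program the policy would block for this user.
$report | Sort-Object Path | Format-Table Path, Signature, Signer -AutoSize
$report | Export-Csv -Path "$env:TEMP\blocked-exe-audit.csv" -NoTypeInformation
```

Run it as each type of user whose programs you need to keep working, since the two folders are per-user. An unsigned file you cannot account for is something to investigate rather than something to whitelist.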

Resources:-

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information for a comprehensive guide which includes how to lock down your PC.

The generous people at Third Tier have created a Cryptolocker Prevention Kit for Active Directory deployment: http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit/

CryptoPrevent, a program to stop Cryptolocker executing, is available from Foolish IT: http://www.foolishit.com/vb6-projects/cryptoprevent/

 

 
