Post courtesy of Steven Walker, Foresite Security Operations Center Security Analyst
CryptoLocker and CryptoWall trojans are causing all kinds of trouble, not only for consumers, but businesses as well. It is important to know what to do to protect yourself from these nasty malware beasts.
Let’s talk about what ransomware is and how to avoid getting it. Ransomware is a type of malware that prevents or limits users from accessing their system. It then demands that the user pay a ransom, by way of online currency such as Bitcoin, to the operators of the malware to remove the restriction. There are steps you can take to protect yourself from being infected:
1) Confirm that you have security software installed and, most importantly, up to date with a current subscription. Remember, with thousands of new malware variants appearing every day, having a set of old virus definitions is almost as bad as having no protection.
2) Make sure all the software on your system is up to date. This includes the operating system, the browser and all of the plug-ins that a modern browser typically uses. One of the most common infection vectors is a malicious exploit that leverages a software vulnerability. Keeping software up to date helps minimize the likelihood that your system has an exposed vulnerability on it.
3) Verify that you are leveraging the full set of protection features delivered in your security products. For example, are you monitoring edge devices and critical servers to capture alerts within their logs?
4) Under no circumstances should you open email from a sender that you do not know or that has odd characters in the subject line. (In some cases, even having your “preview” pane on can set off the Trojans and infect your device.)
5) Critical data should be backed up with multiple sets of data in case of infection. If your only backup is also corrupted, you will have no option to retrieve your data unless you pay the ransom and are able to decrypt it with the key the hacker provides.
If you do find yourself infected with any of these types of malware, contact your IT or Security Operations staff immediately. If you do not want to lose your data and/or pay the ransom (and even if you pay, whether you get your data back is up to the controllers of the malware), make sure you have your data backed up on another device or in the cloud.
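Step 5 depends on knowing which of your backup sets is still intact. The sketch below is an added example, not part of the original post or a Foresite tool: it records a SHA-256 manifest when each backup set is created, then picks the newest set that still matches its manifest. The file name `manifest.json`, the function names and the sample data are hypothetical.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical name; also keep a copy off the backup device

def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def write_manifest(backup_dir: Path) -> None:
    """Record a hash for every file at the moment the backup set is created."""
    files = [p for p in sorted(backup_dir.rglob("*")) if p.is_file() and p.name != MANIFEST]
    hashes = {str(p.relative_to(backup_dir)): sha256_file(p) for p in files}
    (backup_dir / MANIFEST).write_text(json.dumps(hashes, indent=2))

def verify_set(backup_dir: Path) -> list:
    """Return a list of problems; an empty list means the set matches its manifest."""
    try:
        expected = json.loads((backup_dir / MANIFEST).read_text()).items()
    except (OSError, ValueError, AttributeError):
        return ["manifest missing or unreadable"]
    problems = []
    for rel, digest in expected:
        p = backup_dir / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(p) != digest:
            problems.append(f"changed: {rel}")
    return problems

def newest_clean_set(sets_newest_first):
    """Pick the most recent backup set that still verifies, or None."""
    return next((s for s in sets_newest_first if not verify_set(s)), None)

def demo():
    """Constructed data: three backup sets; the newest is overwritten after backup."""
    root = Path(tempfile.mkdtemp())
    sets = []
    for day in ("mon", "tue", "wed"):
        d = root / day
        d.mkdir()
        (d / "ledger.csv").write_text(f"constructed sample data {day}\n")
        write_manifest(d)
        sets.append(d)
    (sets[-1] / "ledger.csv").write_bytes(os.urandom(64))  # simulated corruption
    newest_first = sets[::-1]
    return newest_clean_set(newest_first).name, verify_set(sets[-1])
```

A manifest stored only inside the backup set can be damaged along with it, in which case the set is reported as unverifiable rather than clean.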