As of June 1st, 2015, there are recent online articles saying the Cryptolocker threat is over… and to those fellow tech bloggers I would jokingly ask: what is the color of the sky in your world? It is correct that the original group behind the plague was dismantled a year ago by a joint US-EU ultra-nerd taskforce, but like Number 5 in the movie Short Circuit, “Cryptolocker is alive!”
Unfortunately, Network Medics is still seeing Cryptolocker variants out in the wild. For instance, just last Monday we had to recover a marketing company’s file server from an attack using VitalBackup. Thankfully they are back in action and fully recovered.
For those who are still on level 68 of Candy Crush Soda and haven’t heard what this virus, or ransomware in general, does: it targets computers running Microsoft Windows (sigh). It encrypts, and effectively takes hostage, some or all of the files on local drives and mapped network shares, then demands a payment for the key to undo the encryption. Anything the logged-in user can write to, including shared folders on the server, is fair game. Yep, yuck. Still, the best defenses are some basic steps you can take yourself and, importantly, a professional-class backup solution like our VitalBackup product.
Although the hacker group behind the original Cryptolocker has been dismantled, if you think this battle is over, think again. The customer we restored on Monday was the victim of a Cryptolocker “copy cat.” It did the same thing, but looked much different and was obviously from a new individual or group taking the reins.
On top of the copy cats, the more frustrating news in recent weeks is a tool called “Tox”, available on the dark web, that lets even the most freshman of hackers create their own version of ransomware. Tox is essentially SaaS, or software-as-a-service: the Tox group apparently takes a 15-20% cut of any ransom paid to the budding criminals, of any computer skill level, who use their product.
Bored? OK. Enough geek speak, here is what you can do:
- Remove your email address from your website! If you want somebody to contact you through your website, talk to your web consultants about using forms. It not only makes the interaction more secure, but it keeps a communications log that is useful and has some search engine optimization tracking benefits as well.
- Use your corporate or primary email address only for important correspondence (e.g. banking, financial, clients, internal corporate email) and do not give it out to those who don’t need it. Use a backup address (like kevin-spam@(yourawesomedomain).com) online and for things like social media, forums, shopping, Netflix, your aunt’s funny forwarded emails, mailing lists, etc.
- Use a professional spam filter that looks for phishing, ghosting and viruses, and that uses DNS-based blocklists (DNSBLs).
- Make sure you are using a good backup and disaster recovery plan. Our VitalCare Managed IT Solutions all come with technology planning that uses all the tools needed for protection and recovery. If you are an individual reading this, use a hidden share and keep multiple backups that are not connected to your PC at all times: ransomware encrypts anything the infected machine can write to, so a backup drive that stays plugged in is just another victim. An archival external hard drive of your pictures in an alternate physical location is also recommended.
- Keeping your PCs, their operating systems, and all applications including anti-virus, anti-malware and firewalls up to date is absolutely essential. If you are still using a PC with Windows XP, please seek out a therapist, as you must enjoy pain.
- Be aware. Use your gut. If a website or email looks suspicious, it probably is. The content of a website or an email, not just its appearance, is the part to look at closely.
- (Call this one 6.5.) iPhone users can now add an additional 15% more smugness: Android now has its first Cryptolocker variant. Simplocker encrypts files on your Android phone. So review the previous point again and practice it on your Android phone too, or risk losing photos and content that is not backed up off of the phone.
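The steps above are about prevention and backups; the other half of the fight is noticing an infection within minutes rather than after the whole share is gone. As an added example (not code from the original post, and not part of Network Medics’ VitalBackup or VitalCare products), here is a small “canary file” check in Python: it plants a few decoy documents that no legitimate user should ever touch, records their SHA-256 hashes, and later re-checks them. A canary that has gone missing, been renamed, or had its contents replaced with high-entropy data is a strong sign that something is encrypting the folder. The decoy filenames, the 7.0-bit entropy threshold and the simulated attack are all assumptions made for the demonstration.

```python
"""Canary-file ("honeyfile") check for catching ransomware on a shared folder.

Added example, not part of the original post or any vendor product.
The decoy names, the entropy threshold and the simulated attack are
hypothetical choices for the demonstration.
"""
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# Hypothetical decoy names. The "00_" prefix sorts them first, so
# malware that walks a directory alphabetically hits them early.
CANARY_NAMES = ["00_budget_2015.xlsx", "00_client_list.docx", "00_passwords.txt"]
CANARY_CONTENT = b"canary-file: do not modify\n" * 64
ENTROPY_THRESHOLD = 7.0  # bits per byte; plain documents sit well below this


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the empirical byte distribution (8.0 = uniformly random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def plant_canaries(root: Path) -> dict:
    """Write the decoys into root and return a manifest {name: sha256}.

    Keep the manifest somewhere the share's users (and their malware)
    cannot write, e.g. on the monitoring host, not inside the share.
    """
    manifest = {}
    for name in CANARY_NAMES:
        (root / name).write_bytes(CANARY_CONTENT)
        manifest[name] = sha256(CANARY_CONTENT)
    return manifest


def check_canaries(root: Path, manifest: dict) -> list:
    """Return (name, finding) for every canary that is no longer intact."""
    findings = []
    for name, expected in manifest.items():
        path = root / name
        if not path.exists():
            # Writing an encrypted copy under a new name and deleting the
            # original is classic behaviour, so look for renamed leftovers.
            renamed = [p.name for p in root.iterdir() if p.name.startswith(name)]
            note = "missing" + (f", possibly renamed to {renamed}" if renamed else "")
            findings.append((name, note))
            continue
        data = path.read_bytes()
        if sha256(data) != expected:
            if shannon_entropy(data) > ENTROPY_THRESHOLD:
                findings.append((name, "modified, high entropy (looks encrypted)"))
            else:
                findings.append((name, "modified"))
    return findings


def demo() -> list:
    """Constructed scenario: plant canaries, simulate an attack on two, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        manifest = plant_canaries(root)
        assert check_canaries(root, manifest) == []  # all intact right after planting

        # Simulated ransomware, deterministic so the run is repeatable:
        # 1) overwrite one decoy in place with pseudo-random "ciphertext"
        fake_ciphertext = b"".join(
            hashlib.sha256(b"key" + i.to_bytes(4, "big")).digest()
            for i in range(len(CANARY_CONTENT) // 32 + 1)
        )[: len(CANARY_CONTENT)]
        (root / CANARY_NAMES[0]).write_bytes(fake_ciphertext)
        # 2) rename another decoy with an extra extension
        (root / CANARY_NAMES[1]).rename(root / (CANARY_NAMES[1] + ".encrypted"))

        return check_canaries(root, manifest)


if __name__ == "__main__":
    for name, finding in demo():
        print(f"ALERT {name}: {finding}")
```

Run it on a schedule against each mapped share from a monitoring host, and treat a single alert as a reason to pull the network cable on the offending workstation or disable that user’s session before reaching for the backups. The entropy check is only a heuristic: it distinguishes ciphertext from an ordinary edit, but a canary that simply vanished is already enough to act on.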
At this point Network Medics is optimistic that ransomware may meet its match in the next few years. With the advent of Tox and the copy cats, however, this may require a new tool or piece of software to prevent it down the line, unless the anti-virus companies can finally nip this one in the “boot”. L33t hackers are extremely intelligent and motivated, so it is about time they are taken more seriously than they have been in the recent past. From a hacker’s perspective, this stuff is their art. You may not like or understand why, but I also don’t like country music; they make a lot of money too, and it hacks my ears.
Written by: Kevin Calgren, Partner