CryptoLocker: What You Must Do to Protect Your Company
Since its appearance in 2013, CryptoLocker has represented a critical shift in the way malware works. It was not the first example of ransomware to reach the public, but it was the most widespread and the most lucrative one.
Computer manufacturer Dell, through its SecureWorks cybersecurity arm, estimated that CryptoLocker victimized anywhere between 200,000 and 250,000 systems, making its owners about $3 million in the process.
CryptoLocker’s owners were able to extort these massive gains from innocent users because of a key difference in the way the application works compared to the ransomware strategies of the past. This difference has since cast a wide shadow over the cybercrime industry, influencing and informing every generation of ransomware that followed.
By taking a look at this defining example of ransomware, you can derive useful insight into how to protect your business from becoming a victim of extortion. Whether you are trying to recover files encrypted by CryptoLocker or to remove one of its newer variants from your computer, this background will prove vital to the process.
What Is CryptoLocker and Why Is It Special?
Before CryptoLocker, ransomware was not particularly threatening to business and commercial Internet users. Ransomware owners would typically target regular users on their personal PCs and convince them that they have to pay a fine to decrypt their files or else face prosecution for pirating music or downloading pornography.
The scheme was simple, and it generally only worked on uninformed casual Internet users who fell for the ruse, believing that the FBI or some other law enforcement agency was snooping through their personal files.
This rudimentary approach relied more on social engineering than on the strength of the actual encryption, which was rather weak. Most victims could simply ignore the demands and use an anti-virus tool to decrypt their files.
But CryptoLocker added a new dimension to cybercrime. This ransomware application uses standard cryptography provided by Microsoft’s built-in CryptoAPI. This is no amateur, custom-coded encryption; it is professional-grade encryption that is, for practical purposes, impossible to break.
CryptoLocker is also unusually aggressive in the way it searches for files to encrypt. It will encrypt all of the victim’s personal files first, and then start looking for external drives and mapped network drives to attack.
This development came along with a shift in strategy away from personal users and towards business professionals and their organizations. The cybercriminals responsible lured many of their victims into downloading CryptoLocker through fraudulent consumer complaints delivered by email.
CryptoLocker Removal and Prevention
If you are looking for ways to remove CryptoLocker from your system while keeping your data intact, you are in luck. In 2013, Kyrus Technologies, in partnership with FireEye and Fox-IT, was able to reverse-engineer the application and develop a tool for decrypting files locked by CryptoLocker.
Take note that these cybersecurity engineers did not break the encryption. Breaking the RSA-2048 encryption that CryptoAPI provides with a desktop computer would take longer than the age of the universe.
Instead, Kyrus obtained copies of the private keys the malware had generated and built the recovery process around those keys. This lets the company’s decryption application, now a standard part of any reputable consumer cybersecurity toolset, take a shortcut: it can only recover files whose private key is among those recovered.
However, following CryptoLocker’s success, many other cybercriminals have taken to misusing professional-grade encryption in their ransomware attacks. Security researchers continue to defeat the encryption of individual ransomware families at a quick pace, but brand-new families appear in the wild just as frequently.
The best way to protect yourself against CryptoLocker encryption and its variants is through prevention. Consider the following best practices:
- Use Offline Backups. CryptoLocker would encrypt connected backup drives, preventing easy recovery. But if you keep and maintain a backup drive that stays disconnected from your main systems, you have a copy of your data that no ransomware can touch. Datto cybersecurity backup solutions do this while remaining as easy to set up as a Wi-Fi router.
- Block Attached Executable Files. Email remains the top cybersecurity attack vector, especially in business environments. Blocking executable files and compressed archives in your email client is just the first step; consider upgrading to a professionally secured email platform.
- Implement Software Restriction Policies. These policies can prevent applications like CryptoLocker from launching out of the common directories where malware typically lands and does the most damage.
- Remove Unnecessary Services. Your operating systems can install third-party auxiliary services that are not critical to any of your business processes. While the services themselves are generally harmless, cyberattackers can exploit them to gain access to your network.
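As an added illustration of the attachment-blocking measure above (example code written for this article, not from the original post or any vendor named in it): a small mail-gateway check in Python that rejects executable attachments, including executables hidden inside zip archives or renamed with a document-looking extension. The function names and the sample "consumer complaint" message are constructed for the example.

```python
import io
import zipfile
from email.message import EmailMessage

# Extensions a mail gateway should reject outright. CryptoLocker lures shipped
# an .exe inside a .zip, named to look like a PDF or document.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
MZ_MAGIC = b"MZ"  # every Windows PE executable starts with this DOS header signature


def is_executable(name: str, data: bytes) -> bool:
    """Flag by extension or by PE magic, so a renamed executable
    ('complaint.pdf' that is really a PE) is caught as well."""
    if name.lower().endswith(BLOCKED_EXTENSIONS):
        return True
    return data[:2] == MZ_MAGIC


def scan_attachment(name: str, data: bytes) -> list:
    """Return the blocked items found in one attachment. Zip archives are
    opened in memory and each member is checked with the same rules."""
    findings = []
    if is_executable(name, data):
        findings.append(name)
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.infolist():
                if not member.is_dir() and is_executable(member.filename, zf.read(member)):
                    findings.append(f"{name}:{member.filename}")
    return findings


def scan_message(msg: EmailMessage) -> list:
    """Walk every attachment of a parsed message; a non-empty result means block it."""
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        findings.extend(scan_attachment(part.get_filename() or "unnamed", payload))
    return findings


def build_sample_lure() -> EmailMessage:
    """Constructed sample: a fake complaint mail carrying a zip whose only
    member is a PE named to pass as a PDF (hypothetical content, not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("complaint_details.pdf.exe", b"MZ\x90\x00fake-pe-body")
    msg = EmailMessage()
    msg.set_content("Please review the attached consumer complaint.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="complaint.zip")
    return msg
```

Wiring `scan_message` into a real gateway means quarantining any message for which it returns a non-empty list; the magic-byte check is what catches droppers that an extension-only filter misses.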
One way to achieve these measures is through managed IT network services. Third-party expertise with dedicated resources can be far more effective at thwarting the threat of ransomware than tasking your own IT department with the responsibility.
Are you ready to protect your company from the threat ransomware poses? Contact us to learn about cyber threat mitigation.