How to Stop CryptoLocker Before It Stops You

What would you do if your computer workstations simply stopped working? The scenario usually runs like this: Productivity grinds to a halt. Management remains unable to communicate with employees, who are in turn unable to act without managerial guidance. Executives fly into full damage control and customers are left confused and disheartened.

All of this can lead to large damages. Small and medium-sized businesses lost an average of $117,000 to cyberattacks in 2017, and enterprises lost an astounding $1.3 million on average. One of the most virulent ransomware variants in the wild today is CryptoLocker. This particular strain of ransomware is also one of the oldest still in action today – it was originally discovered in 2013.

CryptoLocker established many of the tropes that have come to define the threat ransomware presents to businesses today. Unlike previous versions of ransomware, CryptoLocker aggressively targets businesses and encrypts critical data using professional Microsoft CryptoAPI encryption, which is effectively impossible to crack with today’s technology.

Because CryptoLocker and similar malicious programs can encrypt your data and render it completely unusable, prevention is key. The good news is that CryptoLocker prevention is not as difficult as it sounds. Adhering to good cybersecurity practices can help you mitigate the risk of falling victim to this attack.

CryptoLocker Prevention Means Using Email Securely

CryptoLocker, like many forms of ransomware, primarily infects computers through email. The preferred strategy cybercriminals use is phishing, wherein the attacker will impersonate a trusted contact through email and convince the victim to download and open a malicious attachment.

A trusted contact can mean anyone from a co-worker to a well-known corporation like FedEx or PayPal. The attacker can reasonably assume that most people have an account with PayPal, and so creates a forged email that looks like it comes from the company.

The email in question will usually require some kind of urgent action. It may ask the recipient to verify his or her account, or it may send an attached spreadsheet and request verification of fraudulent payments that were never made. Whatever the case, the ultimate goal is tricking the victim into downloading the malware. Once that happens, CryptoLocker begins isolating files and preparing them for encryption.

Be suspicious of any email that requires you to download an attachment or click on an embedded link. You should be suspicious even if that email appears to come from a trusted contact. It is extremely easy for cybercriminals to forge email identities. Whether coming from a trusted third-party or from an employee’s immediate supervisor, emails demanding urgent action cannot be trusted.
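The warning signs described above can be checked mechanically on a received message. The following is an added example, not part of the original article: a small triage function run over a constructed sample email. The brand list, the extension list and all addresses are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email) showing the forged-sender pattern.
SAMPLE = """\
From: "PayPal Support" <billing@paypa1-secure.example>
Reply-To: refunds@mailbox.example
Subject: Urgent: verify your account
Authentication-Results: mx.corp.example; spf=fail; dkim=none; dmarc=fail
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached payment report immediately.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="payments.xlsx.exe"

placeholder
--b1--
"""

# Assumed policy values for illustration; adapt them to your own environment.
BRANDS = {"paypal": "paypal.com", "fedex": "fedex.com"}
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm")

def triage(raw):
    """Return a list of warning signs found in one raw email message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, legit in BRANDS.items():  # display name vs. actual sending domain
        if brand in name.lower() and not (domain == legit or domain.endswith("." + legit)):
            findings.append(f"display name claims {brand} but domain is {domain}")
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply and reply != domain:
        findings.append(f"Reply-To domain {reply} differs from From domain")
    # Only trust an Authentication-Results header added by your own mail server.
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")):
        if result != "pass":
            findings.append(f"{mech}={result}")
    for part in msg.walk():  # attachments whose real extension is executable or macro-enabled
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            findings.append(f"risky attachment {fname}")
    return findings
```

A message with no findings is not proven safe; the checks only surface the forged-identity and attachment signs this section describes.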

Put a Cybersecurity Policy in Place

Protecting your own workstation against ransomware is easy enough, but comprehensive CryptoLocker prevention becomes a great challenge when multiplied across an entire workplace. In order to guarantee your company’s safety, you need to implement a policy that addresses ransomware risks.

Since email is the most popular vector for ransomware attacks, email security should form the crux of your cybersecurity policy. Employees should know that supervisors and co-workers will not ask for urgent action through email – the phone is better suited for immediate action.

Furthermore, employees need guidance on how to deal with suspicious emails when they arrive. The cybersecurity policy must provide a way to verify suspicious emails; otherwise, employees risk losing important messages.

But the best way to reinforce a cybersecurity policy is by implementing comprehensive disaster recovery backup tools. If your company has access to a cloud-based business continuity solution, you can simply leave encrypted files where they are and work off of your last backup.

However, implementing a disaster recovery solution requires planning for every contingency. For instance, your disaster recovery backup needs to be separate from your main systems. Otherwise, CryptoLocker may very well encrypt your backups!

Another key consideration is recovery time. If you had to reboot your entire business off of your backup data systems, how long would it take before you are up and running? In an ideal scenario, you should have systems in place that allow you to immediately begin working off of your backups, rather than waiting hours or days for them to transfer.

Cloud-based cybersecurity solutions can provide comprehensive CryptoLocker prevention, but only if properly configured and deployed. Consult a cybersecurity expert when drawing up your disaster recovery plan.
