September 25, 2015
One of the worst viruses we’ve seen over the last 20 years has to be Cryptolocker. It is more commonly referred to as ‘ransomware’ because it takes key office files, encrypts them and then demands a hefty payment to release the files back to you. Prevention is absolutely key here, as decrypting the files is nearly impossible.
The crypto-malware encrypts doc, xls, jpg, txt, pdf, zip and rar files, as well as over one hundred other file types. Advantage Database files (Prevail database files) such as ADT, ADM and ADI are not affected, but the \docs and \history folders within your Prevail server can be, so backups are of key importance here.
EDUCATE YOUR USERS: How does the infection spread? Typically by an email attachment, so watch out for those “Please find my attached invoice” type emails; common sense prevails (!) here: simply do NOT open any attachment from an unknown sender. Once a PC is infected it will browse network drives and systematically encrypt the files in every folder it can discover.
CHECK YOUR BACKUPS: Because Cryptolocker (and its variants) are ‘dynamic’ (they change their file signature on a regular basis), they easily avoid detection by the majority of the major anti-virus vendors. Ensure that your backups are complete and intact, test a restore, and consider implementing a disaster recovery procedure.
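The following PowerShell is an added example, not part of the original post or Prevail’s own tooling, showing one way to make “test a restore” a repeatable check rather than a one-off look: record a manifest of file hashes when the backup is taken, verify a test restore against that manifest, and compare consecutive manifests so that a backup which silently copied already-encrypted documents is noticed before it overwrites the last good one. All paths and the 20% change threshold are placeholders; it needs PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example (not from the original post): record what a backup set contained,
# verify a test restore against that record, and flag a backup run in which an
# unusually large share of files changed. Paths below are placeholders.

# Build a manifest (relative path + SHA-256 + size) of every file under $Root.
function New-BackupManifest {
    param(
        [Parameter(Mandatory)][string]$Root,         # e.g. \\PREVAILSRV\Prevail\docs  (placeholder)
        [Parameter(Mandatory)][string]$ManifestPath  # e.g. D:\Manifests\docs-today.csv (placeholder)
    )
    $base = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    Get-ChildItem -LiteralPath $base -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($base.Length).TrimStart('\')
            Sha256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Length       = $_.Length
        }
    } | Export-Csv -LiteralPath $ManifestPath -NoTypeInformation
}

# Verify a restored tree file by file against the manifest taken at backup time.
# Checking against the manifest (not the live share) means a live copy that has
# since been encrypted does not confuse the result.
function Test-RestoredTree {
    param(
        [Parameter(Mandatory)][string]$RestoreRoot,  # where the test restore landed (placeholder)
        [Parameter(Mandatory)][string]$ManifestPath
    )
    $missing = @(); $mismatch = @(); $checked = 0
    foreach ($entry in Import-Csv -LiteralPath $ManifestPath) {
        $checked++
        $path = Join-Path $RestoreRoot $entry.RelativePath
        if (-not (Test-Path -LiteralPath $path)) { $missing += $entry.RelativePath; continue }
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        if ($hash -ne $entry.Sha256) { $mismatch += $entry.RelativePath }
    }
    [pscustomobject]@{
        Checked  = $checked
        Missing  = $missing
        Mismatch = $mismatch
        Intact   = ($missing.Count -eq 0 -and $mismatch.Count -eq 0)
    }
}

# Compare two consecutive manifests. Office documents change a few at a time;
# a run in which most files changed overnight is a sign the backup copied
# already-encrypted data and must not overwrite the previous good set.
function Compare-BackupManifest {
    param(
        [Parameter(Mandatory)][string]$PreviousManifest,
        [Parameter(Mandatory)][string]$CurrentManifest,
        [double]$AlertFraction = 0.2    # assumed threshold; tune to your normal document churn
    )
    $prev = @{}
    foreach ($e in Import-Csv -LiteralPath $PreviousManifest) { $prev[$e.RelativePath] = $e.Sha256 }
    $changed = 0; $common = 0
    foreach ($e in Import-Csv -LiteralPath $CurrentManifest) {
        if ($prev.ContainsKey($e.RelativePath)) {
            $common++
            if ($prev[$e.RelativePath] -ne $e.Sha256) { $changed++ }
        }
    }
    $fraction = if ($common -gt 0) { $changed / $common } else { 0 }
    [pscustomobject]@{
        CommonFiles     = $common
        ChangedFiles    = $changed
        ChangedFraction = [math]::Round($fraction, 3)
        Suspicious      = ($fraction -ge $AlertFraction)
    }
}

# Usage (placeholder paths):
# New-BackupManifest -Root '\\PREVAILSRV\Prevail\docs' -ManifestPath 'D:\Manifests\docs-today.csv'
# Test-RestoredTree -RestoreRoot 'D:\RestoreTest\docs' -ManifestPath 'D:\Manifests\docs-today.csv'
# Compare-BackupManifest -PreviousManifest 'D:\Manifests\docs-yesterday.csv' `
#                        -CurrentManifest  'D:\Manifests\docs-today.csv'
```

Keep the manifests somewhere the workstations cannot write to (the same goes for the backups themselves): an infected PC that can reach the backup share will encrypt the backup as readily as the \docs folder, which is why a restore test, not the existence of a backup job, is the thing to check.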
USE THE INTERNET TOOLS: If you operate in a small peer-to-peer network (i.e. you do not have a Windows domain), block executable files from running from the %appdata% folder by using the Cryptolocker Prevention utility (it’s free) on each PC in your workplace. Speak to your IT contact to confirm that this is an acceptable preventative measure.
BLOCK INFECTIONS USING GROUP POLICY: If you have a corporate domain (a domain controller), you can block emailed executable attachments from running on your workstations by following the guide posted here. Speak to your IT contact to have this implemented on your Windows domain network.
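Both of the last two steps come down to the same Windows mechanism: Software Restriction Policy path rules that mark executables under the user profile as “Disallowed”. The PowerShell below is an added example, not the linked guide, the prevention utility, or anything from Prevail; it writes the registry values that the Local Group Policy editor writes for such rules, so the effect on a stand-alone PC is the same as the GPO version. The list of blocked patterns is an assumption (it goes beyond the %appdata% folder named in the post by also covering %localappdata% and the Temp folder where attachments are opened from); the registry layout under CodeIdentifiers is the documented SRP layout. Run it elevated, and on a domain prefer the equivalent GPO so the domain policy does not silently override it.

```powershell
# Added example (not from the post or the guide it links): create Software
# Restriction Policy (SRP) path rules that stop .exe files launching from the
# per-user profile folders that emailed droppers are written to. Writes the
# same HKLM\...\Safer\CodeIdentifiers values the policy editor writes.
# Run from an elevated PowerShell. Requires a reboot/logoff or gpupdate to apply.

$SaferRoot    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0          # SRP security level "Disallowed"
$Unrestricted = 0x40000    # SRP security level "Unrestricted" (262144)

# Patterns to block. Assumed list: extend or trim to match the guide you follow.
$BlockedPaths = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',
    '%LocalAppData%\*\*.exe',
    '%LocalAppData%\Temp\*.exe',
    '%LocalAppData%\Temp\*\*.exe'
)

function Initialize-SaferPolicy {
    if (-not (Test-Path $SaferRoot)) { New-Item -Path $SaferRoot -Force | Out-Null }
    # Default level stays Unrestricted: only the explicit path rules are blocked.
    Set-ItemProperty -Path $SaferRoot -Name DefaultLevel       -Value $Unrestricted -Type DWord
    # TransparentEnabled 1 = enforce on all software files except DLLs.
    Set-ItemProperty -Path $SaferRoot -Name TransparentEnabled -Value 1 -Type DWord
    # PolicyScope 0 = all users (1 would exempt local administrators).
    Set-ItemProperty -Path $SaferRoot -Name PolicyScope        -Value 0 -Type DWord
    # Designated file types SRP treats as executable; standard default list.
    if (-not (Get-ItemProperty -Path $SaferRoot -Name ExecutableTypes -ErrorAction SilentlyContinue)) {
        $types = 'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF',
                 'INS','ISP','LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG',
                 'SCR','SHS','URL','VB','WSC'
        Set-ItemProperty -Path $SaferRoot -Name ExecutableTypes -Value $types -Type MultiString
    }
}

# Add one path rule at the given level; re-running does not duplicate rules.
# Use -Level $Unrestricted to whitelist a legitimate program that lives in AppData.
function Add-SaferPathRule {
    param(
        [Parameter(Mandatory)][string]$Pattern,
        [int]$Level = $Disallowed,
        [string]$Description = 'Block executables from user profile folders'
    )
    $levelKey = Join-Path $SaferRoot "$Level\Paths"
    if (-not (Test-Path $levelKey)) { New-Item -Path $levelKey -Force | Out-Null }
    $existing = Get-ChildItem -Path $levelKey -ErrorAction SilentlyContinue |
        Where-Object { (Get-ItemProperty -Path $_.PSPath).ItemData -eq $Pattern }
    if ($existing) { return $existing.PSChildName }
    $ruleKey = Join-Path $levelKey ([guid]::NewGuid().ToString('B'))   # {guid} key name
    New-Item -Path $ruleKey -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name ItemData     -Value $Pattern     -PropertyType ExpandString | Out-Null
    New-ItemProperty -Path $ruleKey -Name SaferFlags   -Value 0            -PropertyType DWord        | Out-Null
    New-ItemProperty -Path $ruleKey -Name Description  -Value $Description -PropertyType String       | Out-Null
    New-ItemProperty -Path $ruleKey -Name LastModified -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -PropertyType QWord | Out-Null
    Split-Path $ruleKey -Leaf
}

# List the rules in force so the result can be confirmed before and after.
function Get-SaferPathRule {
    foreach ($level in $Disallowed, $Unrestricted) {
        Get-ChildItem -Path (Join-Path $SaferRoot "$level\Paths") -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{ Level = $level; Rule = $_.PSChildName; Path = $p.ItemData; Description = $p.Description }
        }
    }
}

Initialize-SaferPolicy
foreach ($pattern in $BlockedPaths) { Add-SaferPathRule -Pattern $pattern | Out-Null }
Get-SaferPathRule | Format-Table -AutoSize
# Then: gpupdate /force   (rules apply to processes started after the refresh)
```

Test this on one PC first: some legitimate software installs itself under %LocalAppData% and will be blocked too, which is exactly the moment to add an Unrestricted rule for that program’s folder rather than to switch the policy off. Blocked launches are recorded in the Application event log (source SoftwareRestrictionPolicies), which is also the place to look when a user reports that an “invoice” would not open.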