What you can do to prepare for Cryptolocker and related malware
Cryptolocker has been in the news so frequently recently that it has become a household name, but this is just one variant of a type of malware that has existed for a while now and dubbed ransomware. Encrypting a user’s data and holding it for ransom until money is sent via Bitcoin or other difficult-to-trace methods, this software preys on the average home user as well as businesses. Data such as photos, PDF files, and text documents are taken hostage and a countdown is provided; if money is not sent in time, the information may be gone forever. What can you do to protect yourself?
Unfortunately, after the infection, there is little to be done. Most of this malware has been seen using difficult-to-crack encryption that is not going to be undone without a vast amount of resources. However, there are ways to prepare for an attack.
1. Be prepared with regular backups.
The number one way to beat this malware is to keep it from having anything to hold against you. For businesses, this means keeping backups of critical data – anything needed for operations and reference. Standard images should be ready for all system types so that the device can just be re-imaged, restoring the system to its original state while also eradicating the malware. For the home user, keep backups of all the documents you might miss if you lost them, which means everything from tax documents to vacation and baby photos.
2. Limit access to shared drives.
Taking it up a notch on the scale of insidiousness, variants of Cryptolocker have been found that will encrypt any drives that are connected to the initial victim’s PC. This means that not only will your hard drive be affected, your networked drives may also be encrypted. Limiting write access can help to prevent this portion of the infection. The “principle of least privilege” comes into play here, meaning that users should only have access to what they absolutely need. It may be difficult to accomplish this 100%, however regular access reviews can help out a lot here.
3. Filter your traffic.
This particular recommendation may apply more to businesses than individuals, as it mainly focuses on using firewalls and other perimeter defenses. Some forms of this malware have been found to “call out” to a controlling server prior to encrypting data. If this can be detected, or better yet intercepted, it can help to identify or prevent the exploitation of your systems. In addition, strong ingress filtering (preventing connections from unapproved sources) can assist in preventing infection in the first place.
Cryptolocker may use different tactics than malware we’ve seen before, however the methods that it uses to enter our networks and cause problems are not new. A solid security methodology, strengthened by regular reviews of policies and access controls, can go a long way towards mitigation and prevention of this threat.