Cryptolocker virus back on the rise


In 2015, ransomware was a hot topic in the cybersecurity industry, and for good reason: it is very profitable. Notably, Cisco's 2016 Annual Security Report revealed that a single ransomware campaign could gross approximately $34 million annually.

As a reminder, Cryptolocker is a form of malware that makes all data stored on the infected hard drive unusable. It is usually installed by means of a fake email designed to imitate an existing, legitimate company (a bank, for example). Once on the computer, it encrypts all data using a randomly generated encryption key.

Since the beginning of 2016, Beemo Technologie has recorded approximately 90 cases of Cryptolocker among its customers. This ransomware is a real threat on the rise.

To warn your customers of a possible Cryptolocker attack, we advise you to send them the following recommendations:

Maintain a secure computer fleet:

  • Regularly update installed software: operating system, email software, web browsers, etc.
  • Secure the computer system by equipping it with antivirus software and firewalls.
  • Pay attention to file access rights and share management. The ransomware attacks local volumes but also any open shares it can find, and encrypts files wherever it has write access.
  • Disable macros in Word and secure internet browsing. These are the two preferred entry vectors for the Cryptolocker virus.

Be vigilant:

  • Avoid browsing unsecured or unknown websites.
  • Be very careful with attachments and downloaded files, especially .doc or .zip files whose origin is unknown to the user or unverified. Since 16 February 2016, a malicious email campaign has been circulating with attachments named in the following formats:

    contract_final.doc
    COPY_INVOICE_<8 digits>-<8 digits>.doc
    document_Invoice_<6 digits>.zip
    final_invoice.doc
    Invoice_copy_<8 digits>.zip
    Invoice_feb-<8 digits>.doc
    Invoice_J-<8 digits>.doc
    Invoice_ref-<8 digits>.zip
    scan_<6 digits>.doc
    SCAN_Invoice_.doc
    walmart_code.doc
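The filename formats listed above can be checked automatically at a mail gateway. The following is an added example, not part of the original article: it compiles the list (digit placeholders written as `<N digits>`) into anchored patterns and scans a message's attachment names. The function names, the case-insensitive matching and the sample message are assumptions made for the illustration.

```python
import re
from email.message import EmailMessage

# Filename formats copied from the list above; "<N digits>" stands for exactly N digits.
TEMPLATES = [
    "contract_final.doc", "COPY_INVOICE_<8 digits>-<8 digits>.doc",
    "document_Invoice_<6 digits>.zip", "final_invoice.doc",
    "Invoice_copy_<8 digits>.zip", "Invoice_feb-<8 digits>.doc",
    "Invoice_J-<8 digits>.doc", "Invoice_ref-<8 digits>.zip",
    "scan_<6 digits>.doc", "walmart_code.doc",
    "SCAN_Invoice_.doc",  # taken literally, exactly as the page lists it
]

def compile_template(template):
    """Turn one listed format into an anchored regex; literal parts are escaped."""
    # With one capture group, re.split alternates: literal, count, literal, ...
    parts = re.split(r"<(\d+) digits>", template)
    pattern = "".join(re.escape(p) if i % 2 == 0 else r"\d{%s}" % p
                      for i, p in enumerate(parts))
    # Assumption: match case-insensitively, since Windows filenames ignore case.
    return re.compile(pattern, re.IGNORECASE)

RULES = [(t, compile_template(t)) for t in TEMPLATES]

def match_filename(name):
    """Return the listed format that a filename matches, or None."""
    base = re.split(r"[\\/]", name.strip())[-1]  # drop any directory prefix
    for template, rx in RULES:
        if rx.fullmatch(base):
            return template
    return None

def scan_message(msg):
    """Return [(attachment filename, matched format)] for one email message."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if name and (template := match_filename(name)):
            hits.append((name, template))
    return hits

def sample_message():
    """Constructed test message with placeholder attachments (not a real sample)."""
    msg = EmailMessage()
    msg["Subject"] = "Your invoice"
    msg.set_content("See attached.")
    for fn in ("Invoice_J-20160216.doc", "minutes_2016.doc", "SCAN_000123.DOC"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fn)
    return msg
```

A name match is only a reason to quarantine the message for review; attachments with other names still need the precautions above.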

Have a secure, outsourced backup of your data. This is still the best way to protect against this type of attack, as well as against the risks associated with technical incidents and handling errors. Regular backups avoid the need to pay the ransom: it is enough to restore the data backed up before the Cryptolocker attack.
Indeed, apart from paying the ransom, it is impossible to recover your data. However, paying is not recommended, as the customer has no guarantee that the data will be decrypted afterwards or even that a subsequent attack will not take place. Moreover, it only helps to financially support the developers of the malware and makes future attacks possible.
