Definition of Cryptolocker Ransomware
CryptoLocker is a form of ransomware that restricts access to infected computers by encrypting their content. Once infected, victims must pay a "ransom" to decrypt and recover their files.
The main means of infection is phishing emails with malicious attachments. These emails are designed to mimic the appearance of legitimate businesses, or pose as tracking notices from FedEx and UPS.
Attackers disguised CryptoLocker attachments to trick unsuspecting users into clicking on an email attachment that activates the attack. Victims then had to pay a ransom to decrypt their files. CryptoLocker spread between early September 2013 and late May 2014.
History of Cryptolocker
The CryptoLocker attack occurred between September 5, 2013, and the end of May 2014. It was identified as a Trojan virus (malicious code disguised as something harmless) that targeted computers running multiple versions of the Windows operating system. It reached target computers through fake emails designed to mimic the appearance of legitimate businesses and through fake tracking notices from FedEx and UPS.
When a machine is infected, CryptoLocker finds and encrypts files located on shared network drives, USB drives, external hard drives, network file shares, and even some cloud storage drives. By early November 2013, the CryptoLocker ransomware had infected around 34,000 machines, mainly in English-speaking countries.
A free decryption tool for recovering encrypted files was made available in 2014, but various reports suggest that more than $27 million has been extorted by CryptoLocker.
Protect Yourself From Cryptolocker Attacks
US-CERT advises users to protect themselves against CryptoLocker by performing routine backups of important files and keeping backups stored offline. Users should also keep antivirus software up to date and keep their operating system and software up to date with the latest patches.
Users should also not follow unsolicited web links in emails and exercise caution when opening email attachments. And, as always, follow safe practices when browsing the web.
Recover Files After Cryptolocker Attack
As soon as your users detect a ransom note or virus, they should immediately disconnect from the network. If possible, they should physically bring the computer they used to their IT department. Only the IT security team should attempt to restart the computer.
Deciding whether to pay the ransom is a central part of your response. This decision should be based on the type of attack, who has been compromised in your network, and the network permissions available to the holders of compromised accounts.
Ransom attacks are a crime, and organizations should call law enforcement if they fall victim to them. Forensic scientists can make sure systems aren't compromised in other ways, gather information to better protect organizations in the future, and try to track down attackers.
Sometimes security researchers offer decryptors that can unlock files for free, but they are not always available and do not work for every ransomware attack.
If organizations have followed best practices and maintained backups of their systems, they can quickly restore their systems and resume normal operations.