CryptoLocker Hitting Some Small Businesses, Providers Say
Once a system is infected, the CryptoLocker malware encrypts the victim's files and attempts to extort payment for the key to unlock them. The ransomware also can target a victim's online or local networked backup as well. At least one firm was forced to pay out the ransom, but most victims were able to recover files with a recent backup, according to service providers.
Once a client's systems are infected it is only takes a short time before they pick up the phone to request help, said David Senseman, president of Cincinnati-based Integrity Solutions Group, a managed service provider whose clients are mainly dental industry offices and clinics. The threat can spread to other connected systems, Senseman said.
"It's been a process of wiping their drives and restoring and reloading their data," Senseman told CRN. "We advocate a multitiered approach to backup, so our affected clients were able to recover their systems from a recent backup."
Symantec calls CryptoLocker one of the most menacing threats of 2013. It surfaced in September and spread across the globe infecting systems in the U.S., Europe and Asia. Ransomware is a long-standing threat, but security researchers at Cisco Systems say the attacks have grown significantly in 2013.
Ransomcrypt, which continues to be detected by antivirus vendors, surfaced in 2009 and uses a less complex encryption scheme. An even earlier version called Gpcoder also used a weaker encryption scheme when it was first detected in 2005. Other versions of ransomware typically lock computer screens and tech-savvy victims or system administrators can take steps to bypass the lock and remove the infection.
Symantec and other security vendors recommend businesses educate their users about opening email attachments and clicking on links in email. In addition, organizations should have a patch-management strategy to ensure that endpoints maintain up-to-date software, said Neil Butchart, vice president of North America at path management vendor Secunia. Operating system software, core applications and third-party programs should be maintained and updated, Butchart told CRN. Important data should also be backed up. Since the malware also encrypts some cloud-based backups, security experts recommend businesses maintain an offline backup -- a standard industry best practice.
Despite an increased focus on CryptoLocker and other malware threats, attacks are designed using social engineering tactics to trick people into browsing to a malicious website or opening a file attachment, said Don Gray, chief security strategist at managed security service provider Solutionary.
Gray said his firm has seen people at companies with strong security cultures get tricked by a phishing attack. Cybercriminals are increasingly turning to blogs and social networks to design convincing messages for their targets, Gray said.
"It shows that people are at the weak point; we're human and fallible," Gray said.
PUBLISHED DEC. 13, 2013