Malware Removal & Cryptolocker
Recently I was called by a new prospect, who business was affected by a variant of the Cryptolocker ransomware infection. For those of you who do not know what cryptolocker ransomware is, I suggest you take a close look at the posts by the guys over at OpenDNS. What had happened in this case was that the companies antivirus software was up to date. However, as there was no spam protection in place, an email came in from a client of theirs, with an attachment of a statement in zip file format. One accounts rep couldn’t open the files and duly passes the file over to a colleague. They couldn’t open the attachment either(or so they thought) and passed it to a more savvy technology user in the organisation and they opened it also. All three computers were infected with cryptolocker ransomware. All documents on the local computers were not accessible as they were encrypted, as well as all of the shared documents on the server.
We sent two engineers to site to clean all of the computers using the Eset online scanner utility as well as malwarebytes. We had successfully cleaned all computers from the infection after 8 hours onsite. However the encrypted files were locked and obviously we could not decrypt. Luckily the new client had a backup of their shared documents on hand and we restored the files. It’s vital that you use a good quality backup utility, at all times.
Prevention is better than cure.
This one is obvious. Always use a good quality AntiVirus software. We are resellers of Eset and McAfee and both do a very good job at protecting your network. However, we would also recommend a robust security gateway (firewall) from Zyxel or Sonicwall. They can perform deep packet inspection and if a sniff of rogue code is detected, the download of infection is prevented.
Another free method to use is also OpenDNS’ home user account. I have successfully set this up at home on my Netgear router, and I’m safe with the knowledge that my childrens ipad and android tablets are blocked from inappropriate content, as well as blocking access to other downloadable virus.
The ESET Security suite have been protecting against cryptolocker since it emerged. Read their article dating back to 2013 on this very issue. However, as there are many variants, and they are constantly changing. All you can do is to have as many security measures in place as possible, so Security Software, Hardware Firewalls with packet inspection , and additional layers of protection such as opendns. Do you may have a MacBook and you assume you are protected? If the answer is yes, then you are wrong! MacBooks are not impervious to malware attacks. I suggest you get use ESET’s Security Suite for Mac.
Scanning emails is also important. If you use exchange server on premise, then you should use the Eset Mail Security Suite, or consider moving to cloud based email services from Microsoft Office 365 or Google Apps for Business. More importantly, if you see an offer on a website too good to be through, ignore it, similarly, if you see an email from someone you don’t know, or that the attachment looks a little odd, don’t open it! Common sense generally prevails.