CryptoLocker Update

We wanted to take this opportunity to give an update regarding the CryptoLocker malware that we first notified you of last October. Since our original communications, there have been some concerning evolutions in this family of malware, including variations in its aggressiveness and infection path. The latest variant of this infection goes by the name CryptoWall.

Like CryptoLocker before it, CryptoWall can infect PCs via targeted email, and proceeds to encrypt files on the infected computer and on any network shares that the computer has access to. It also demands a ransom to decrypt your data and provides a deadline for payment. Unlike CryptoLocker, CryptoWall can also infect machines through hijacked web advertisements and through infected downloads, demands that the ransom be paid in difficult-to-obtain Bitcoin, and has increased the ransom to $500.

At TNSC, we are constantly striving to stay ahead of emerging malware threats, and as such, have already been reinforcing our existing defenses against CryptoLocker and developing new defenses against CryptoWall. Even if you already had our original CryptoLocker block installed on your network, to get maximum coverage you will need to have us apply the latest defenses we have against the new variants. Applying these defenses through our managed services could create a temporary impact as we fine-tune them for your unique environment; however, this discomfort is minimal compared to the impact of actual infection.

While we can apply protections against this malware to your network, your best hope of mitigating impact is to have a solid proactive defense strategy. This strategy should include:

* Employee education: making sure that your employees know what to look out for to avoid infection and what to do in the case of infection. The targeted email we’ve been seeing looks quite legitimate and appears to be from vendors such as Intuit. Links within email, especially unexpected email, should never be clicked.
* A solid and reliable backup: the only way to effectively recover from this infection is to restore encrypted files from backup. It’s always a good idea to maintain a solid backup, and this particular threat makes that all the more important.
* A solid first line of defense: make sure that your antivirus software is up to date and fully functional. If you are a TNSC Managed Services provider, this is already taken care of; if not, you may want to have us check your existing solution to make sure it’s still running properly.
* A quick reaction plan: once a PC on your network is infected, recoverability depends on quickly recognizing that it is or may be infected and removing it from the network immediately by unplugging its network cable and powering it down.

The risk from this malware is substantial, but with the correct information and preparation it’s a manageable threat. We strongly recommend implementing preventative measures on your network, making sure you have a rapid-response game plan for infection that all of your employees are educated about, and confirming that your backups are working properly. TNSC is always happy and ready to help with any and all of these measures. Please contact your account manager if you would like to discuss bolstering your defenses against this or any other potential threat to your network.

To contact your account manager, please contact us at 203-744-2274.
