This Ransomware is one of the most dangerous computer viruses to appear in recent years and has been a real threat for businesses globally.

Cryptolocker Ransomware seems to be everywhere right now. This Ransomware is one of the most dangerous computer viruses to appear in recent years and has been a real threat for businesses globally. It has largely taken the Security industry by surprise, especially given that the infection vector is mostly via Email attachments which in themselves are very easy to identify and block. Based on the success of Cryptolocker we will probably see a few more variants and new infection vectors. Anything that makes money is likely to spawn a whole family of copycats. So it’s important to stop the spread.

Thanks to Rob Collins, Senior Systems Engineer - APAC, WatchGuard Technologies for sharing this feature article with us at LogicalTech. The good news for you is that prevention is very simple.

Here are 5 simple ways you can stop Cryptolocker in its tracks and better prepare yourself for any issues that may arise from your network’s infection.

You’ve been Cryptolocked!

1. Block .exe files over email, including within ZIP files. This can usually be done using an anti-spam system that works and is correctly setup. If you MUST receive .exe files over email, then only allow them for a small group of users who are well trained on network security. Latest attacks are using a password protected ZIP with the executable inside, and providing the password in the email. Better systems can still detect the .exe file inside the ZIP and block it, even if they cannot extract the password-protected content.

2. Ensure that you’re creating Daily backups and make sure that they’re working. However, CryptoLocker will look for network shares and lock them up too, so consider external hard drives, physical media or cloud backup services like PackRat for DropBox.

3. Educate your staff on the risk of opening email attachments that they shouldn’t. They may receive an email that they weren’t expecting or something may look wrong about it. These emails can also come from a spoofed account that may look legitimate or even appear to be from someone you know. The bottom line is to always be careful when opening email attachments. This also includes home use as connecting a work pc to an infected home network can then be spread to the work environment when it’s reconnected. Most email gateways have the ability to quarantine attachments. This might be an option for users who can’t be taught!

4. Run a reputable Antivirus solution on your PCs and Servers. Make sure it’s working and up to date. And while it’s not free, a separate AV solution on a Firewall provides an additional layer of defence and improves the chances of detection by 50%.

5. Make sure you can see the true extensions of your files. In Windows, Microsoft automatically hides the extensions of known file types by default. As a result, a dangerous file could be labelled as “RapidFAX.pdf”   when it’s really “RapidFAX.pdf.exe”.  In Windows 7, you can turn off this default options in your folder’s display settings by opening up “My computer>> Organize (top left of browser window)>> Folder and search options>> View> Uncheck “Hide extensions for known file types”.

Here is an example of the Cryptolocker virus using password protection on an email attachment in order to trick the user into entering the password, allowing it to bypass virus scanning after Anti-virus companies managed to stop it.

Cryptolocker using password protection to trick users into providing access, bypassing AV. Here is an example of the Zeus Trojan being sent using a very authentic looking message (except for the lack of the use of the enter key) that includes Australian format phone numbers. The Tax Invoice attached is in fact the Zeus Trojan, which has all kinds of uses, including sending more spam and the Cryptolocker malware.

This is an example of an authentic looking email carrying the Zeus Trojan designed to deliver various infections including spam and Cryptolocker. If you follow the 5 steps listed above, you’ll be better equipped to handle both Cryptolocker and other things that may threaten your network. Thanks to Rob Collins, Senior Systems Engineer - APAC, WatchGuard Technologies for sharing this feature article with us at LogicalTech.

LogicalTech is one of the leading Professional Partner with WatchGuard Technologies in Australia. Find out more by contacting an authorized WatchGuard reseller, LogicalTech today.

This special technology report is submitted by Cassidy Poon, National Marketing Manager for LogicalTech Group and Cassidy Poon is one of Australia’s leading B2B Enterprise Technology Media Publicist.