Cryptolocker Hate

Jessie Weems



I wanted to bring a new virus to everyone’s attention. Normally I don’t get too excited over viruses and other types of malware, but this one is a bit different and the damage it does can be VERY severe. The virus is called Cryptolocker. You may have already heard about it, but if you haven’t I would suggest you read a little on it. Here are a few very easy-to-read articles on what it is. Click here for Cryptolocker info and here.

What It Does

To sum things up, if someone gets infected it will encrypt all the data on your computer. It does this with government-grade crypto and it is NOT recoverable. It will ask you to pay a “ransom” fee to get your data back. Do not pay this fee. Paying the fee normally means you’re just 300 dollars less rich. There have been stories of this actually working, but as of yet I have not seen it work. The only way to get your data back is to restore from a backup taken before the data was encrypted. So we need to make sure that the important things on your computer are not saved to your “C” drive and are stored on the server. The other bad news is that it will also reach out to any server drive that the user has access to and encrypt that as well. Since we back up the server, there is a “chance” we can recover the data with your local backups. Here is the rest of the bad news: in most cases the local server backups also get encrypted.

Here is a picture of what Cryptolocker looks like.

Defending Yourself Against Cryptolocker

As you can see, this is not a good thing to get in any circumstance. There are only a few true defenses against this virus. First off, never get the virus, which is the best scenario. A lot of you guys already have a Sophos UTM (advanced web filtering firewall); this will seriously reduce your chance of getting the virus. No web filter or antivirus will give 100% protection, but having a UTM really helps mitigate this threat. Another thing we can do is remove Java from computers that don’t absolutely have to have it installed. Java is one of the single biggest vectors for getting viruses. Avoid opening attachments in email that you are not 100% sure are safe and from the person you believe they are from. If in doubt, don’t open them; call the person who sent the email to you and ask if they did indeed send it. If you’re still in doubt, then send them to me and I’ll check them for you. Avoid using search engines (Google or Bing) and use favorites if you can.

Mitigating the Damage

Ways to recover from Cryptolocker if you get infected are slim, but there are a few surefire ways to be protected from this. If you feel your computer has a virus, shut it down and call us. If you get Cryptolocker and we catch it soon enough, the encryption will be limited to just that computer. The biggest threat is if the virus starts encrypting the network server shares. This can be catastrophic, and if we don’t take proper action soon enough your local backups are also encrypted. The only true recovery from this is offsite cloud-based backups that allow you to restore to previous revisions in full. If we do offsite backups for your company then your data is safe and we will have a way to recover. Offsite backups like Carbonite will not work since you can only restore to the latest set of data or a revision of a file at a time. There is no way to restore all files to “yesterday” with Carbonite. Some of you already have offsite backups with us but some of you do not. If you do not have backups with us, you should look into an offsite solution from someone even if it’s not us. Call us and we will be happy to get you set up with something that will protect your data.
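The difference between restoring everything to a point before the infection and restoring only the latest copy, as an added example that is not part of the original post. The catalog, paths, times and function names below are constructed for illustration.

```python
from datetime import datetime

# Constructed backup catalog: file path -> [(backup time, content state)].
# Paths, times and states are made up for illustration.
CATALOG = {
    r"\\server\clients\ledger.xlsx": [
        (datetime(2024, 3, 4, 23, 0), "clean"),
        (datetime(2024, 3, 5, 23, 0), "clean"),
        (datetime(2024, 3, 6, 23, 0), "encrypted"),
    ],
    r"\\server\clients\returns.pdf": [
        (datetime(2024, 2, 20, 23, 0), "clean"),
        (datetime(2024, 3, 6, 23, 0), "encrypted"),
    ],
    r"\\server\clients\new-intake.docx": [  # first backed up after infection
        (datetime(2024, 3, 6, 23, 0), "encrypted"),
    ],
}
INFECTED_AT = datetime(2024, 3, 6, 9, 30)  # assumed time encryption started

def plan_point_in_time_restore(catalog, cutoff):
    """Pick, for every file, the newest version backed up before `cutoff`.

    Returns (plan, unrecoverable): plan maps path -> chosen version;
    unrecoverable lists files with no version older than the cutoff.
    """
    plan, unrecoverable = {}, []
    for path, versions in sorted(catalog.items()):
        before = [v for v in versions if v[0] < cutoff]
        if before:
            plan[path] = max(before, key=lambda v: v[0])
        else:
            unrecoverable.append(path)
    return plan, unrecoverable

def latest_only_restore(catalog):
    """What a latest-copy restore returns: the newest version of each file."""
    return {p: max(vs, key=lambda v: v[0]) for p, vs in catalog.items()}

if __name__ == "__main__":
    plan, lost = plan_point_in_time_restore(CATALOG, INFECTED_AT)
    for path, (when, state) in plan.items():
        print(f"restore {path} from {when:%Y-%m-%d %H:%M} ({state})")
    for path in lost:
        print(f"no pre-infection copy: {path}")
    for path, (when, state) in latest_only_restore(CATALOG).items():
        print(f"latest-only gives {path}: {state}")
```

In this sample the point-in-time plan returns only clean versions and flags the one file that never had a pre-infection backup, while the latest-only restore hands back the encrypted copy of every file.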

If you have a UTM and offsite backup, then you are as safe as you can be. If you don’t have these things, call us and we can work with you to get set up. For our accounting clients, please be aware that recovery from an offsite backup can take a couple of days. Since a couple of days during tax season can be very damaging, we need to be extra diligent about what we do on the internet.

Sorry for all the good news. Please feel free to call us if you have any questions.
