We’re aware that over the past few weeks, there has been an increase in CryptoLocker-style attacks. We want to make sure that all of our customers are aware of the situation and provide them with a few tips on how best to be prepared to combat this.

What is a CryptoLocker attack?

CryptoLocker is a ransomware trojan that targets computers running Microsoft Windows. Created via infected email attachments and via an existing botnet, when activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware’s control servers.

The malware then displays a message which offers to decrypt the data if a payment (through either bitcoin or a pre-paid cash voucher) is made by a stated deadline and threatens to delete the private key if the deadline passes.

If the deadline is not met, there is a second message supplied stating that the price to decrypt is now much higher.

 Although the CryptoLocker is readily removed, the files that it encrypted remain that way in which is considered unfeasible to break. It is said that the ransom should not be paid, but there aren’t many solutions to recover the files if payment is considered, some victims have claimed that paying the ransom did not always lead to the files being decrypted.

How to protect yourself

The best way to stay secure and protected from a cryptolocker attack or any other cyber attack is to have the latest security solution. If you have Fortinet Sandboxing, this will go a long way to protect you from a CryptoLocker attack. Additionally, you should:

  • Backup regularly and keep a recent backup copy off-site
  • Enable file extensions
  • Open JavaScript (.js) files in Notepad
  • Don’t enable macros in document attachments received via email
  • Be cautious about unsolicited attachments
  • Don’t give yourself more login power than you need
  • Stay up-to-date with new security features in your business applications.

 

We can help with FortiSandbox

 FortiSandbox, provided by Fortinet, offers a robust combination of proactive detection and mitigation, threat insight and integrated automated deployment. At its foundation, it’s a unique, dual-level sandbox which is complemented by Fortinet’s award-winning anti-malware and optional threat intelligence. Years of Fortinet threat expertise is now packaged up and available on site or via the cloud via FortiSandbox.

When FortiSandbox discovers suspicious codes, these are subjected to multi-layer pre-filters prior to execution in their virtual OS for detailed, behavioural analysis. The highly effective pre-filters include a screen by Fortinet’s AV engine that sends queries to cloud-based threat databases and OS-independent simulations.

Once a malicious code is detected, granular ratings along with key threats is measured, a signature is dynamically created for distribution to integrated products and a full threat information is optionally shared with FortiGuard labs for the update of the global threat databases, making sure that you’re as safe as possible.

If you’re unsure about CryptoLocker attacks or Ransomware as a whole, please contact us and we’ll discuss it with you in detail, how your infrastructure is set up to protect yourself from the threats today and in the future.