This is how companies could protect themselves against the cryptolocker ransomware.
The cryptolocker ransomware was a polymorphic virus that was used to encrypt computer systems. The only option affected individuals had at that time was to pay a ransom in order to decrypt their data with a unique key. A deadline for the payment of the ransom was also set.
If the deadline had expired and the ransom was still not paid, the decryption key of the cryptolocker ransomware was deleted. The data was then irrevocably encrypted. Important documents were therefore lost forever.
If the cryptolocker ransomware attack was carried out through a website, the polymorphic virus would be downloaded via an update. This could happen via JavaScript or Acrobat Reader. A user could become a victim of a cryptolocker ransomware attack just by following a link to a malicious website. On that website, the download of an infected file started automatically and the malware immediately installed itself. The tricky part was that the user did not notice it. This meant that the local files were encrypted in the background without being detected. After this process was complete, a notice or pop-up window would appear, which would list the payment terms for the ransom.
Why you should generally never pay a ransom after a cryptolocker ransomware attack
The problem was that the victims of the cryptolocker ransomware were often denied access to their files even after paying the ransom. For this reason, authorities and IT experts generally advise against paying a ransom to the cyber criminals. Also, the attackers will use the ransom money to develop new threats and attacks.
How a cryptolocker ransomware attack could have been prevented
Below is a list of useful tips for effective protection against the Cryptolocker ransomware. These preventive measures would have been recommended during an attack by the cryptolocker ransomware and are still valid with regard to any ransomware attack.
3 ways to protect yourself against crypto ransomware
Businesses should always back up their data at regular intervals. Short backup intervals are therefore reasonable: the time between backups should be limited to only a few days. With a backup available, the victims of the cryptolocker ransomware would have been able to restore their data without major losses. However, the backups should be saved to a physically independent drive, ideally with a versioning feature. For example, a USB hard disk would not have been sufficient.
Not only in relation to cryptolocker, but also to other ransomware versions, the following recommendation still applies: always keep your company's systems up to date. This applies to updates of your operating system as well as to your security software. Talk to your provider regularly about new updates. Most software vendors publish their updates on a special website or inform their customers about updates directly in the application or via email.
3. Hornetsecurity Advanced Threat Protection (ATP) as an IT security service
Hornetsecurity Advanced Threat Protection (ATP) provides you with a comprehensive IT security concept that detects and protects against complex attacks such as CEO fraud, spear phishing, whaling and also ransomware. As soon as a malicious email is on its way to the recipient, Hornetsecurity ATP will detect it and prevent the delivery. Additionally, you will receive detailed information about the attack on your company.
Protection against the cryptolocker ransomware
In practice this means the following: As soon as the user wants to open an email attachment, the attached file is carefully opened and analyzed in a protected system environment. If the attachment actually turns out to be malware, the delivery of the email is prevented.
Another recognition method used is freezing, which holds suspicious emails back or “freezes” them. Once the signatures for the scanning filters have been updated, a new scan of the retained file is performed. This ensures that the cryptolocker ransomware would not have had a chance to enter the companies’ systems.
CEO Fraud, Whaling and Phishing
The intention of many attackers is to get their hands on personal data, such as credit card information and login data (whaling and phishing). From a financial point of view, these kinds of cyber attacks are also very rewarding for the perpetrators. CEO fraud, for example, tries to persuade employees under false pretenses to transfer funds, for instance to offshore accounts.
There have already been cases where companies were scammed out of several million dollars. Dismissals of employees are not a rarity in this context. Hornetsecurity's Advanced Threat Protection (ATP) provides a sustainable solution for enterprises where traditional IT security mechanisms fail. The analysis of a certain internal corporate communication structure reveals irregularities and prevents identity spoofing.
Furthermore, Hornetsecurity Advanced Threat Protection (ATP) reliably protects your company against blended attacks. In this form of attack, the cyber criminals use several vectors at once to carry out an attack. Quite popular with attackers are PDF files or Office documents that are attached to the email and contain links to drive-by downloads. Against blended attacks, Hornetsecurity Advanced Threat Protection (ATP) uses the following engines: URL scanning, URL rewriting, sandboxing and freezing. This way, your company would be reliably protected.
Real-time alerts and employee awareness
As soon as Hornetsecurity Advanced Threat Protection (ATP) detects an attack, the user will receive a real-time alert about suspicious digital activities, which will allow companies to react quickly. This applies both to the initiation of internal company measures as well as legal measures. The user interface of the analysis engine allows companies to receive detailed information on individual attacks. Once a threat has been identified, the communications chain within the company can be used to inform other employees about incidents. Awareness raising among employees prevents, for example, the use of further attack vectors such as telephone lines.
Ex Post Analysis via Hornetsecurity Advanced Threat Protection (ATP)
The analysis takes place not only in real time, but also after the attack. This way, emails that were initially classified as safe can be classified as a threat at a later date by the so-called “ex post alarm”. The company's chief information security officer has the opportunity to carry out a further detailed analysis, which helps significantly to prevent the attack from spreading.
The Targeted Fraud Forensic Engine
Targeted Fraud Forensics consists of several automated recognition mechanisms. They analyze malicious emails that cannot be recognized through a link or an attachment. In addition to the recognition of certain malicious patterns by the Intention Recognition System, Targeted Fraud Forensics also uses Feign Facts Identification, a mechanism that recognizes false or manipulated notifications.