What do you know about the cryptolocker ransomware?

This is how companies could protect themselves against the cryptolocker ransomware.

The cryptolocker ransomware was a polymorphic virus, which was used to encrypt computer systems. The only option affected individuals had at that time was to pay a ransom in order to decrypt their data with a unique key. A deadline for the ransom payment was also set.

If the deadline expired and the ransom was still not paid, the decryption key for the cryptolocker ransomware was deleted. The data then remained irrevocably encrypted, and important documents were lost forever.

The cryptolocker ransomware could enter computers in two ways: emails and web pages were the primary gateways. Users received an infected file attachment in their electronic mailbox. This could be, for example, a compressed zip or rar file, a Word document or a picture in the form of a JPEG. The attackers disguised themselves as federal institutions, online retailers, applicants or business partners.

If the cryptolocker ransomware attack was carried out through a website, the polymorphic virus would be downloaded via an update. This could happen via JavaScript or Acrobat Reader. It was even possible to become a victim of a cryptolocker ransomware attack simply by following a link to a malicious website: on that website, the download of an infected file started automatically and the malware immediately installed itself. The tricky part was that the user did not actively notice it. The local files were therefore encrypted in the background without being detected. Once this process was complete, a notice or pop-up window appeared listing the payment terms for the ransom.


Why you should generally never pay a ransom after a cryptolocker ransomware attack

The problem was that victims of the cryptolocker ransomware were often denied access to their files even after paying the ransom. For this reason, authorities and IT experts generally advise against paying a ransom to cyber criminals. In addition, the attackers use the ransom money to develop new threats and attacks.

How a cryptolocker ransomware attack could have been prevented

For effective protection against the cryptolocker ransomware, you will find a list of useful tips below. The following preventive measures would have been recommended during an attack by the cryptolocker ransomware and are still valid with regard to any ransomware attack.

3 ways to protect yourself against crypto ransomware

1. Backups

Businesses should always take care to back up their data at regular intervals, so short backup intervals are reasonable: the time between backups should be limited to a few days. With a backup available, the victims of the cryptolocker ransomware would have been able to restore their data without major losses. However, the backups should be saved to a physically independent drive, ideally with a versioning feature. A USB hard disk, for example, would not have been sufficient.
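The two properties the paragraph asks for, versioning and not letting the newest copy destroy the last good one, can be shown in a small script. The following is an added example and not part of the original article: each run copies the source tree into a new numbered snapshot directory, keeps the newest `KEEP_SNAPSHOTS` snapshots, and refuses to run when most files have changed into high-entropy content since the previous snapshot, which is what a mass-encryption event looks like to a backup job. The retention depth, the entropy threshold and the "more than half the files" ratio are assumptions chosen for the demonstration, and `demo()` builds its own constructed documents in a temporary directory.

```python
"""Versioned backup with a guard against overwriting the last good copy.

Added example, not part of the original article. Thresholds are assumptions.
"""
import math
import os
import shutil
import tempfile
from pathlib import Path
from typing import Optional

KEEP_SNAPSHOTS = 3          # assumption: retention depth
ENTROPY_THRESHOLD = 7.5     # bits per byte; text and office documents sit well below
SUSPICIOUS_RATIO = 0.5      # assumption: abort when more than half the files look encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for encrypted or compressed content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(path: Path) -> bool:
    """Sample the first 64 KiB of a file and judge it by its byte entropy."""
    with open(path, "rb") as fh:
        return shannon_entropy(fh.read(65536)) > ENTROPY_THRESHOLD


def list_snapshots(dest: Path) -> list:
    """Snapshot directories in creation order (zero-padded names sort correctly)."""
    return sorted(p for p in dest.iterdir() if p.is_dir() and p.name.startswith("snap-"))


def ransomware_suspected(src: Path, last_snapshot: Optional[Path]) -> bool:
    """True when most files changed since the last snapshot and now look encrypted."""
    if last_snapshot is None:
        return False
    files = [p for p in src.rglob("*") if p.is_file()]
    if not files:
        return False
    suspicious = 0
    for f in files:
        prev = last_snapshot / f.relative_to(src)
        changed = not prev.is_file() or prev.read_bytes() != f.read_bytes()
        if changed and looks_encrypted(f):
            suspicious += 1
    return suspicious / len(files) > SUSPICIOUS_RATIO


def run_backup(src, dest) -> Optional[Path]:
    """Create a new snapshot; return its path, or None when the run was refused."""
    src, dest = Path(src), Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    snaps = list_snapshots(dest)
    if ransomware_suspected(src, snaps[-1] if snaps else None):
        return None                              # leave the last good snapshot alone
    next_id = int(snaps[-1].name.split("-")[1]) + 1 if snaps else 1
    target = dest / f"snap-{next_id:06d}"
    shutil.copytree(src, target)                 # a fresh version, never an overwrite
    for old in list_snapshots(dest)[:-KEEP_SNAPSHOTS]:
        shutil.rmtree(old)                       # retention: drop the oldest snapshots
    return target


def demo() -> dict:
    """Run the scenario on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dest = Path(tmp) / "docs", Path(tmp) / "backup"
        src.mkdir()
        for i in range(4):                       # constructed plain-text documents
            (src / f"report{i}.txt").write_text(("Quarterly figures, line %d\n" % i) * 50)
        first = run_backup(src, dest)
        (src / "report0.txt").write_text("Quarterly figures, edited\n" * 50)
        second = run_backup(src, dest)           # a normal edit is backed up as usual
        for f in src.glob("*.txt"):              # simulate mass encryption of the source
            f.write_bytes(os.urandom(4096))
        blocked = run_backup(src, dest) is None
        return {"first": first is not None, "second": second is not None,
                "blocked": blocked, "snapshots": [p.name for p in list_snapshots(dest)]}


if __name__ == "__main__":
    print(demo())
```

The entropy check is a coarse heuristic, not a substitute for monitoring: legitimately compressed or encrypted archives will also read as high-entropy, which is why the script only refuses when the majority of files changed that way at once, and why a refused run should page an operator rather than silently skip.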

2. Updates

Not only in relation to cryptolocker but also to other ransomware variants, the following recommendation still applies: keep your company's systems up to date at all times. This applies to updates of your operating system as well as of your security software. Talk to your provider regularly about new updates. Most software vendors publish their updates on a dedicated website, or inform their customers about updates directly within the application or via email.

3. Hornetsecurity Advanced Threat Protection (ATP) as an IT security service

Hornetsecurity Advanced Threat Protection (ATP) provides you with a comprehensive IT security concept that detects and protects against complex attacks such as CEO fraud, spear phishing, whaling and ransomware. As soon as a malicious email is on its way to the recipient, Hornetsecurity ATP detects it and prevents delivery. Additionally, you receive detailed information about the attack on your company.

Protection against the cryptolocker ransomware

As the last few years have shown, cybercriminality should not be underestimated, especially in the case of blackmail trojans. In order to discover these complex attacks, Hornetsecurity Advanced Threat Protection (ATP) relies, among other things, on a sandbox analysis engine.

In practice this means the following: as soon as the user wants to open an email attachment, the attached file is opened and analyzed in a protected system environment. If it turns out to be a malicious attachment, delivery of the email is prevented.

Another detection method is freezing, which holds suspicious emails back, or “freezes” them. Once the signatures for the scanning filters have been updated, the retained file is scanned again. This ensures that the cryptolocker ransomware would not have had a chance to enter the companies’ systems.

CEO Fraud, Whaling and Phishing

The intention of many attackers is to get their hands on personal data such as credit card information and login data (whaling and phishing). From a financial point of view, these kinds of cyber attacks are also very rewarding for the perpetrators. CEO fraud, for example, tries to persuade employees under false pretenses to transfer funds, such as to offshore accounts.
 
There have already been cases where companies were scammed out of several million dollars. Employee terminations are not a rarity in this context. Hornetsecurity's Advanced Threat Protection (ATP) provides a sustainable solution for enterprises where traditional IT security mechanisms fail. Analysis of a company's internal communication structure reveals irregularities and prevents attacks based on identity spoofing.


Blended Attacks

With Advanced Threat Protection (ATP), Hornetsecurity reliably secures your company against blended attacks, in which cyber criminals use several attack vectors at once. PDF files or Office documents attached to an email that contain links to drive-by downloads are very popular with attackers.

Hornetsecurity’s Advanced Threat Protection (ATP) uses the following tools against blended attacks: URL scanning, URL rewriting, sandboxing, and freezing. With these features, your company is reliably protected.
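The mail-side measures named here (URL rewriting, attachment inspection and freezing) and the attachment lures described earlier (archives, Office documents, pictures) can be illustrated with a small triage routine. The following is an added example and not Hornetsecurity's code: it parses a constructed RFC 5322 message with the Python standard library, rewrites every http(s) link in the plain-text body so that a click would pass through an assumed scanning gateway (the `urlscan.example.invalid` host is a placeholder), performs static checks on attachments (executables inside a zip, macro-enabled Office files, double extensions), and returns a verdict of deliver, freeze (hold back and rescan later) or block. The file-extension lists and the verdict rules are assumptions for the demonstration.

```python
"""Email triage: URL rewriting, attachment inspection and freezing.

Added example, not Hornetsecurity's code. Gateway host and rules are assumptions.
"""
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from urllib.parse import quote

GATEWAY = "https://urlscan.example.invalid/?u="      # assumption: placeholder gateway
URL_RE = re.compile(r"https?://[^\s<>\"']+")
EXEC_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".dll")
MACRO_EXT = (".docm", ".xlsm", ".pptm")
DOUBLE_EXT_RE = re.compile(r"\.(pdf|docx?|jpe?g|png|txt)\.[a-z0-9]{2,4}$", re.I)


def rewrite_urls(text: str) -> str:
    """Replace each link with a gateway link carrying the original, URL-encoded."""
    return URL_RE.sub(lambda m: GATEWAY + quote(m.group(0), safe=""), text)


def attachment_findings(name: str, data: bytes) -> list:
    """Static checks on one attachment; returns a list of finding labels."""
    lower = name.lower()
    findings = []
    if DOUBLE_EXT_RE.search(lower):
        findings.append("double-extension")
    if lower.endswith(EXEC_EXT):
        findings.append("executable")
    if lower.endswith(MACRO_EXT):
        findings.append("macro-enabled-office")
    if lower.endswith(".zip") and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():           # look inside the archive
                if member.lower().endswith(EXEC_EXT):
                    findings.append("archive-contains-executable:" + member)
    return findings


def triage(raw: bytes) -> dict:
    """Parse a raw message and return verdict, findings and the rewritten body."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        hits = attachment_findings(name, part.get_payload(decode=True) or b"")
        if hits:
            findings[name] = hits
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    labels = [h for hits in findings.values() for h in hits]
    if any(h.startswith(("executable", "archive-contains-executable")) for h in labels):
        verdict = "block"
    elif labels:
        verdict = "freeze"        # hold back, rescan once signatures are updated
    else:
        verdict = "deliver"
    return {"verdict": verdict, "findings": findings, "body": rewrite_urls(body)}


def build_message(body: str, attachments: list) -> bytes:
    """Constructed sample message; attachments are (filename, maintype, subtype, bytes)."""
    msg = EmailMessage()
    msg["From"] = "accounting@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content(body)
    for filename, maintype, subtype, data in attachments:
        msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


def demo() -> dict:
    """Triage three constructed messages and return their results."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:          # constructed archive hiding an .exe
        zf.writestr("invoice.pdf.exe", b"constructed placeholder, not a real binary")
    link_body = "Please review your invoice at https://example.invalid/inv/123 today."
    return {
        "zip_exe": triage(build_message(link_body, [("invoice.zip", "application", "zip", buf.getvalue())])),
        "macro_doc": triage(build_message("See attached.", [("order.docm", "application", "octet-stream", b"PK\x03\x04")])),
        "clean": triage(build_message(link_body, [])),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result["verdict"], result["findings"])
```

Rewriting keeps the original link recoverable (it is URL-encoded in the `u` parameter) so the gateway can scan the destination at click time rather than only at delivery time, which is what lets a link that turns malicious later still be caught; the "freeze" verdict is the analogue of the article's freezing for attachments that are suspicious but not conclusively bad.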


Real-time alerts and employee awareness

As soon as Hornetsecurity Advanced Threat Protection (ATP) detects an attack, the user receives a real-time alert about the suspicious activity, which allows companies to react quickly, both by initiating internal measures and by taking legal steps. The user interface of the analysis engine gives companies detailed information on individual attacks. Once a threat has been identified, the company's internal communication channels can be used to inform other employees about the incident. Raising awareness among employees prevents, for example, the use of further attack vectors such as the telephone.


Ex Post Analysis via Hornetsecurity Advanced Threat Protection (ATP)

The analysis takes place not only in real time but also after the attack. This way, emails that were initially classified as safe can later be reclassified as a threat by the so-called “ex post alarm”. The company's chief information security officer then has the opportunity to carry out a further detailed analysis, which helps prevent the attack from spreading.


The Targeted Fraud Forensic Engine

Targeted Fraud Forensics consists of several automated detection mechanisms. They analyze malicious emails that cannot be recognized by a link or an attachment. In addition to the detection of certain malicious patterns by the Intention Recognition System, Targeted Fraud Forensics also uses Feign Facts Identification, a mechanism that recognizes false or manipulated notifications.
