The spread of malicious code called CryptoLocker, which comes with a $300 ransom fee, has continued to cause problems for IT security staff, according to security awareness training company KnowBe4. A form of ransomware, the code is spread when a user clicks on an email attachment such as a fake tracing notice from UPS or FedEx.
“We have been getting a lot of system administrators calling us to request security awareness training because their end users have been tricked into opening up attachments of phishing emails and infected their workstations with the CryptoLocker malware,” CEO Stu Sjouwerman said in a statement. “It started last September and is not going away, but actually getting worse.”
CryptoLocker is particularly troublesome because it detects the user’s personal files, wraps them in strong encryption, and demands a ransom fee with little time to pay. Both local user folders and remote shared folders become infected, according to KnowBe4. Sjouwerman recommends that IT managers have an effective working backup, but even with that, administrators could spend an average of three hours wiping, rebuilding or reimaging the machine and restoring files.
Victims of the malicious code have included Greenland City Hall in New Hampshire, which lost eight years’ worth of records; Charlotte-based Goodson Law Firm; and the Swansea Police Department in Massachusetts, which paid a $750 ransom to have its files released.
Birmingham-based Cloud Technologies, Inc. announced this week that it has developed a backup & disaster recovery server that specifically negates the impact of the CryptoLocker virus. The server is placed next to production servers and workstations where it stores snapshot copies of the hard drive every 15 minutes. If a computer or server is attacked, the server can restore data from a period before the infection or can have a backup server available within minutes.
“For now the payment of ransom to the attackers and the resulting decryption key appear to be working to unlock the hostage data, but who knows how long that will work or what techniques these criminals will advance to next,” Jeff Freeman, VP of IT, Cloud Technologies, said in a statement. “It is important for businesses to stay educated and take proactive measures to protect data.”