The GCS Blog

Cryptolocker and Ransom-ware Proving Too Much for Anti-Virus Products

Posted by Daryl Gleinser on Oct 9, 2015 12:57:54 PM
Find me on:

The latest way IT is frustrating business is Cryptolocker and it's many variants, commonly known as ransomware. These viruses enter your network, usually through an employee clicking a link in an email. The virus then encrypts your business data rendering it useless. Your options are to restore that data from an older version or to pay the ransom.

GCS has handled dozens of these infections.

If you're infected right now:

  1. Who is infected? Identifying the source is critical. Otherwise, you will find yourself in the same situation again immediately.In several cases, there have been multiple, simultaneous infections. Find them all and clean them or, at least, turn the systems off for now. 
  2. Check your backup. Can you recover these files? How old is the last backup? If the backup is current we recommend recovery. Overwrite the encrypted files.
  3. If you cannot recover from backup or the backup is too old, consider paying the ransom. Paying the ransom is not a guaranteed fix. Some have paid the ransom but still were unable to access the data. Others paid the ransom only to be immediately targeted again with a new round of emails to their staff. 

To prevent infection:

  1. A good backup can limit the damage, but a great backup can "undo" the problem almost instantly.  One of the big differences between great backups and good backups is the time it takes to recover large amounts of data.
  2. Anti-virus, firewalls, and other traditional security tools don't help much. They stop only the old and slow versions. New versions are coming out every day. Existing anti-virus tools are still useful in ensuring you don't get hit again.
  3. Training staff is a good idea but is no silver bullet. This won't help you today but might help you tomorrow.
  4. Add a layer of security with a DNS filtering services such as OpenDNS.

If you're actively struggling with Cryptolocker or want to tighten defenses for the next time, we can help.