Leading IT Services and Solutions provider Blue Chip warn that infections of the ransomware Trojan CryptoLocker are on the rise, and businesses should take action to ensure they are protected from attacks.
Following a number of clients reporting CryptoLocker attacks, Blue Chip urge businesses and individuals alike to take precautions. Thought to have first appeared in September 2013, CryptoLocker is a type of ransomware: malicious software, or “malware”, which infects a computer or network to limit or prevent use. A “ransom” is then demanded of the affected person or business to remove the limitations, usually with a short deadline for payment. In the case of CryptoLocker, there is a further threat: the malware encrypts files so that when the ransom is demanded, potentially vital files and folders are inaccessible and could be lost forever. Victims are then forced to choose between paying the amount asked, often through the digital payment system Bitcoin, and trying to restore data to a point prior to encryption.
With a survey by the University of Kent determining that in January 2014, 9.7% of their respondents had experienced some sort of ransomware attack – around twice as high as they expected – it is clear that vigilance is required. CryptoLocker is regularly disguised by criminals in an email or attachment from seemingly legitimate companies, often as a bank transfer receipt, an invoice or even a message seemingly sent by a customer complaining about a product or service, so it is easy to see why there has been a surge in downloads by unsuspecting individuals. After several customers expressed concerns about such ransomware threats, Blue Chip worked hard to quickly develop three packages of work designed to prevent, mitigate and recover from any such infection. The packages were offered to all clients and saw a large uptake, ensuring that those clients’ company files and data were protected against the majority of CryptoLocker variants, and in a better position for data recovery against newer deviations. However, with new versions of CryptoLocker being developed and released regularly, the focus on data recovery becomes ever more essential, as one customer recently discovered.
Having opted for Blue Chip’s program of preventative work, approximately a fortnight later a customer reported an urgent and immediate need for intervention, as they had suffered a CryptoLocker attack. Whilst they were protected against all known varieties of this ransomware, they were unlucky to have been infected by “Zero-Day Malware” – that is, a previously-unreported or unseen variation for which no antivirus software signature has yet been developed. Fortunately, and unlike in many cases of CryptoLocker attacks, due to the preventative work undertaken by Blue Chip it was possible to recover the majority of the customer’s data without them having to pay for decryption.
One of Blue Chip’s Technical Team Leaders, Rob Goult, was the Lead Engineer responsible for the data recovery and reported that without pre-emptive action, the client could have lost more than 24 hours’ worth of data. As the client is a manufacturer, this would have seriously affected their revenue stream; however, because they had taken proactive steps to protect themselves, the destructive effect was dramatically lessened.
“Once the infection had been reported and identified, the encryption of our client’s files was halted and steps were taken to prevent reoccurrence,” said Rob. “Due to previous work completed, we were able to recover their data to a point 1 hour before the attack hit, therefore drastically reducing business impact.”
Not only was the vast majority of the data, previously feared irretrievable, rescued, but identifying this brand new variant also allowed Blue Chip to update other customers’ anti-malware provisions with its identifying characteristics, therefore ensuring the protection of others against the latest threat. Nevertheless, Rob still advises caution to both businesses and individuals:
“Had our customer not chosen to deploy the proactive work to protect their environment, their data would have probably been lost forever. By taking steps to detect and prevent malicious activity and, most importantly, backing up critical data, we placed the customer in the best possible position to reduce business impact and return to normal as quickly as possible.”
To find out more about how Blue Chip can help protect and prepare you for CryptoLocker and other ransomware attacks, please call us on 0845 034 7222 or email email@example.com.