01 December 2013

CryptoLocker malware is “significant”, finding its way to Australia: Experts

Just when it seemed 2013 might end without any major security attacks, the CryptoLocker malware has surfaced and begun creating havoc.

The virus acts as “ransomware”: it takes computer files hostage and demands a ransom under the threat of erasing the data.

McAfee APAC chief technology officer, Sean Duca, said CryptoLocker typically infiltrates a system through a PDF attachment emailed by cyber criminals.

“If you open the attachment, it installs malware on your hard drive that lets hackers access your computer files,” he said. 

“The files are then encrypted and you're unable to access them.”

The malware has already infected systems overseas, but Trend Micro ANZ software architecture director, Jonathan Oliver, said the global nature of the Internet means that it is finding its way locally as well.

“These attacks are very widespread globally, and this is impacting Australians,” he said.

No way out

From the analysis McAfee has done so far, a pattern in the cyber criminals’ behaviour has been detected.

“Once infected, the cyber criminals will contact the organisation or individual within two days, seeking payment,” Duca said.

“If they don’t pay up, their documents will be deleted.” 

During the blackmail phase, the cybercriminals will demand payment not in cash or credit, but with a virtual currency called Bitcoin. 

While much malware in the past has taken the stealth route and attempted to remain in a system anonymously, Trend Micro’s Oliver said it is “quite obvious” when you are infected with CryptoLocker.

“What makes this malware significant compared to other attacks is that the impact on victims is significant,” he said.

Unlike other malware in the past, McAfee’s Duca points out that CryptoLocker comes with an added malicious angle.

“Even when you remove it, it does not restore the files,” he said. 

One step ahead

While regular consumers are a target for CryptoLocker, McAfee’s Duca warns that any organisation could be targeted. 

“Businesses are particularly vulnerable to this attack because many haven’t adequately protected file-sharing between employees,” he said.

“If this is targeted to a user with higher privileges in an organisation then potentially every document which could be accessed by that user could be locked.”

As for what can be done to overcome CryptoLocker, Trend Micro’s Oliver repeats the age-old adage of “prevention being better than the cure.”

“Put in place an automated backup solution and consider turning on enhanced antispam features such as IP reputation,” he said.

McAfee’s Duca also emphasised the importance of having “great backup” to get your files back. 

“You also need up-to-date Windows and antivirus patches,” he said.

Another countermeasure that Trend Micro’s Oliver suggests is putting in place stricter email policies.

“For example, blocking zip files that contain executable files, as only technically sophisticated users should ever receive such files,” he said.

Not opening attachments from unknown senders also goes a long way, and Oliver recommends employees talk to IT staff if they get an email with a password in it.
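
The email policy Oliver describes (blocking zip files that contain executable files) can be sketched as a mail-filter check. This is an added example, not code from the article or from either vendor; the extension blocklist, the function names and the sample message builder are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist; tune to local policy.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def executable_members(zip_bytes):
    """Names of zip members that look executable (extension or PE 'MZ' header)."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as member:
                is_pe = member.read(2) == b"MZ"  # catches renamed executables
            if is_pe or info.filename.lower().endswith(BLOCKED_EXTENSIONS):
                flagged.append(info.filename)
    return flagged

def should_block(raw_message):
    """Return (block, reasons) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if not payload.startswith(b"PK"):  # not a zip archive
            continue
        try:
            hits = executable_members(payload)
        except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
            # Corrupt or password-protected archive cannot be inspected: fail closed.
            reasons.append(f"{part.get_filename()}: uninspectable archive")
            continue
        reasons += [f"{part.get_filename()}: {hit}" for hit in hits]
    return bool(reasons), reasons

def build_sample(member_name, member_data):
    """Constructed message with one zip attachment (harmless placeholder bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, member_data)
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Nested archives are not unpacked here; a production filter would either recurse into them or treat them as uninspectable.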

arnnet.com.au 27 Nov 2013

The comments on the article, which are just as important as the article itself, are as follows:

Dean Knowles


Wow. Only 10 weeks behind the times, ARN! This has been infecting Australian businesses as far back as the beginning of September (I know, I have resolved this nightmare for several businesses).
And it is NOT quite true that the affected business will have their files deleted if they refuse to pay the ransom. Instead, the files remain, but remain encrypted.

Eugine Kaspersky


Spot on Dean, it would be nice if so-called experts actually knew what they were talking about!! A lot of general information and little accurate detail!


