The Perils of Interconnectedness and the Crypto Virus

Our current focus is on Security and Disaster Recovery. I have two examples:

First –

A few years ago a client of mine clicked on the wrong thing – an attachment on a UPS email.  He hadn’t shipped anything with UPS recently, but maybe someone sent him something?  It was loaded with the first variant of the CryptoLocker virus (also called crypto virus).

He called me the next day.  One key trait of Cryptolocker is that once your computer is infected it will search out connected drives – network, USB HD’s, flash drives, any share. It looks for and encrypts all kinds of documents, including word, excel, PowerPoint, JPG, PDF, PNG (all image types), and text files. Once it’s encrypted you will not get it back, unless : 1)You happen to have a backup or Shadow copies turned on, or 2)You PAY.  Instead of paying with a Credit Card, you pay with a Money PAC or BITCOIN as these are untraceable.

My client had backup drives connected to the server, so it was just a copy process as it was encrypted. He decided to pay – due to the data being very valuable – and it took him three days to get everything together, find the Money PAC, and then email the information.

He quickly got a reply that included the program and key to decrypt the files. It took 2 days to complete all the decryption.  I asked him to call me when it was done.  He didn’t.

He rebooted his computer and then started working.  It re-encrypted his computer and server again. The price was now double. The crypto virus strikes again.

Second –

Recently I got a call from a business.  They thought that the day before they might have been infected with a Crypto virus.  They didn’t call me until the next day.  I asked if they had turned the machine off, removed it from the network, etc.  I asked if any of the other machines were showing signs of being encrypted – especially the financial files.

The client didn’t seem too concerned.  I asked why.  They said that they could just pay it and move on.  This was part of the reason that they hadn’t called more quickly. I pointed out that it wasn’t a credit card payment, and these days it was ONLY BITCOIN and they were expensive and a pain to get.  I also mentioned that they were now on day 2 of the 72 hour clock.

I asked when the last time the computer was backed up was – it had been over a month. (DO FREQUENT BACKUPS, FOLKS!)  There was financial data encrypted so they asked if I could come over. With some tools and boot discs that I have I was able to recover some data from a few days before.  This was only possible because I happened to be the one that set up the PC and I turned on Shadow Copies.  They were grateful; I was relived.

In both instances, neither client was trying to find the latest despicable thing on the internet. They were just working.  They did have AV, but they both allowed the crypto virus to bypass the protections.

 

In Conclusion:

1) Run frequent, reliable backups and  2)  Turn on shadow copies.  OR: Call a good IT pro to help you do these things.

 

 

We have articles about phones, networks, servers, everything!

Follow us on Twitter – @TechnoTroy

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s