Advanced Threat Protection


Simple Steps to Avoid Cryptolocker or Ransomware 

Feb 19, 2016 01:55 AM

CryptoLocker is most often spread through booby-trapped email attachments, but the malware also can be deployed by hacked and malicious Web sites by exploiting outdated browser plugins.

These threats hijack a whole computer or its data and demand a payment to unlock or decrypt them. The authors of these malicious threats have a very strong financial motive for infecting as many computers as possible, and have put substantial resources into making these threats prevalent. New variants are seen all the time.

File-encrypting malware is hardly new. This sort of diabolical threat has been around in various incarnations for years, but it seems to have intensified in recent months. For years, security experts have emphasized the importance of backing up one's files as a hedge against disaster in the wake of a malware infestation. Unfortunately, if your backup drives are connected physically or via the local network to the PC that gets infected with CryptoLocker, your backups may be encrypted too.

Here are some simple steps to help you to reduce the threat of ransomware:

1. Do not pay the ransom!

Paying the ransom may seem like a realistic response, but it is only encouraging and funding these attackers. Even if the ransom is paid, there is no guarantee that you will be able to regain access to your files. Do not negotiate with the same aggressors that were holding your files hostage in the first place.

Instead, do:

  • Remove the impacted system from the network and remove the threat.
  • Restore any impacted files from a known good backup. Restoration of your files from a backup is the fastest way to regain access to your data.

2. Do install, configure and maintain an endpoint security solution

With the endpoint being the final line of defense from any threat, a multi-faceted security solution should be employed. This solution should have protections for not just file-based threats (traditional AV), but should also include download protection, browser protection, heuristic technologies, firewall and a community sourced file reputation scoring system.

3. Do educate employees

One of the primary ways that these threats get into your network is through “Spear Phishing” attempts, where an unsolicited e-mail will come from an unknown sender with an attachment that is then executed. Make sure employees are educated on what to do when they receive emails from unknown senders with suspicious attachments or links.

4. Do employ content scanning and filtering on your mail servers

Inbound e-mails should be scanned for known threats and should block any attachment types that could pose a threat.
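As an added example (not from the original post), the following Exchange transport rules implement this step on a Hub Transport or Mailbox server running Exchange 2013 or later; the rule names, the extension list and the assumption that a quarantine mailbox is already configured are all mine and should be tuned to what your business actually needs to receive.

```powershell
# Added example, not from the original post: Exchange transport rules that
# implement step 4. Run in the Exchange Management Shell (Exchange 2013 or
# later). Rule names and the extension list are assumptions; tune them.
$RiskyExtensions = @(
    'exe','scr','pif','com','bat','cmd','vbs','vbe','js','jse',
    'wsf','wsh','ps1','hta','jar','cpl','msi','reg'
)

# Rule 1: reject inbound mail whose attachment extension is on the block list.
# FromScope NotInOrganization leaves internal admin traffic untouched.
New-TransportRule -Name 'Ransomware - block risky attachment extensions' `
    -FromScope NotInOrganization `
    -AttachmentExtensionMatchesWords $RiskyExtensions `
    -RejectMessageReasonText 'Attachment type not permitted by security policy.' `
    -Comments 'Step 4: block attachment types that could carry ransomware.' `
    -Enabled $true

# Rule 2: reject attachments with executable content regardless of extension,
# which catches renamed executables and executables inside supported archives.
New-TransportRule -Name 'Ransomware - block executable content' `
    -FromScope NotInOrganization `
    -AttachmentHasExecutableContent $true `
    -RejectMessageReasonText 'Executable attachments are not accepted.' `
    -Enabled $true

# Rule 3: attachments Exchange cannot open for inspection are quarantined for
# review instead of being delivered unseen (requires a quarantine mailbox).
New-TransportRule -Name 'Ransomware - quarantine uninspectable attachments' `
    -FromScope NotInOrganization `
    -AttachmentIsUnsupported $true `
    -Quarantine $true `
    -Enabled $true

# Confirm the rules exist and are enabled.
Get-TransportRule | Where-Object { $_.Name -like 'Ransomware - *' } |
    Format-Table Name, State, Priority -AutoSize
```

Extension matching alone is easy to evade with renamed files, which is why rule 2 inspects content; keep both, and review the quarantine mailbox so legitimate mail is not silently lost.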

5. Do make sure that all systems and software are up-to-date with relevant patches

Exploit kits hosted on compromised websites are commonly used to spread malware. Regular patching of vulnerable software is necessary to help prevent infection.

6. Do limit end user access to mapped drives

The current ransomware threats are capable of browsing and encrypting data on any mapped drive that the end user has access to. Restricting the user's permissions on the share, or on the underlying file system of a mapped drive, limits what the threat is able to encrypt.
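As an added example (not from the original post), the script below first audits SMB shares for broad write access, which is the surface an infected workstation can encrypt, and then tightens one share to least privilege at both the share and NTFS layers; the share name, group names and domain are assumptions.

```powershell
# Added example, not from the original post: audit SMB shares for broad write
# access and tighten one share to least privilege. Needs the SmbShare module
# (Windows Server 2012 or later) and an elevated session. Share, group and
# domain names are assumptions.

# Principals that effectively mean "every user in the domain".
$BroadPrincipals = @('Everyone', 'Authenticated Users', 'Domain Users')

function Test-BroadPrincipal([string]$AccountName) {
    foreach ($p in $BroadPrincipals) {
        if ($AccountName -like "*$p") { return $true }
    }
    return $false
}

# 1. Audit: non-administrative shares where a broad principal can write.
$Exposed = Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
    Get-SmbShareAccess -Name $_.Name | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.AccessRight -in @('Full', 'Change') -and
        (Test-BroadPrincipal $_.AccountName)
    }
}
$Exposed | Format-Table Name, AccountName, AccessRight -AutoSize

# 2. Remediate one share (assumed name 'Finance'): drop the broad grant and give
#    Change only to the group that must write there, Read to those who must view.
$Share   = 'Finance'                # assumption
$Writers = 'CONTOSO\Finance-Edit'   # assumption
$Readers = 'CONTOSO\Finance-View'   # assumption
Revoke-SmbShareAccess -Name $Share -AccountName 'Everyone' -Force
Grant-SmbShareAccess  -Name $Share -AccountName $Writers -AccessRight Change -Force
Grant-SmbShareAccess  -Name $Share -AccountName $Readers -AccessRight Read   -Force

# 3. Share permissions alone are not enough: apply the same limits on the NTFS
#    ACL so the underlying file system enforces them for every access path.
$Path = (Get-SmbShare -Name $Share).Path
icacls $Path /inheritance:r `
    /grant:r "${Writers}:(OI)(CI)M" `
    /grant:r "${Readers}:(OI)(CI)RX" `
    /grant:r 'BUILTIN\Administrators:(OI)(CI)F' `
    /grant:r 'NT AUTHORITY\SYSTEM:(OI)(CI)F'
```

Run the audit section on its own first and review the output before applying step 2 and 3 to a share, since removing Everyone from a share that services or scheduled jobs depend on will break them.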

7. Do deploy and maintain a comprehensive backup solution

The fastest way to regain access to your critical files is to have a backup of your data.

Check this video: 

Protect against Ransomware with Symantec Endpoint Protection

https://www.youtube.com/watch?v=4QtFacd9NRM

Symantec Articles and Blogs: 

Additional information about Ransomware threats

https://support.symantec.com/en_US/article.TECH211589.html

Recovering Ransomlocked Files Using Built-In Windows Tools

https://www-secure.symantec.com/connect/articles/recovering-ransomlocked-files-using-built-windows-tools

Ransomware Do's and Dont's: Protecting Critical Data
https://www-secure.symantec.com/connect/blogs/ransomware-dos-and-donts-protecting-critical-data

Comments

Mar 30, 2016 12:23 AM

Many thanks Brian for the clarification.

Thanks Mithun as well for the great article.

Mar 29, 2016 07:40 PM

It would protect the local box but neither of those components do email scanning.

Mar 29, 2016 07:38 PM

@Brian,

Yes that does make sense.

I was under the impression that by enabling the PTP and NTP on my Exchange Hub Transport Server it would make my email traffic safer from Ransomware / malware.

Mar 29, 2016 05:38 PM

No. It means using a product like Messaging Gateway to scan your email at the gateway.

Mar 29, 2016 05:25 PM

Mithun,

Regarding your article above:

4. Do employ content scanning and filtering on your mail servers

Inbound e-mails should be scanned for known threats and should block any attachment types that could pose a threat.

Does it mean enabling the PTP and NTP components on my SEP client on the email server?

Mar 22, 2016 02:58 AM

Hello,

You would need to install the entire feature set on all client machines to secure your environment.

Check this Article:

Symantec Endpoint Protection Recommended Best Practices for Securing an Enterprise Environment

https://support.symantec.com/en_US/article.TECH166816.html

Regards,

Mar 20, 2016 07:02 PM

You need AV, IPS, firewall, PTP, and Download Insight - the full component stack.

Mar 20, 2016 06:21 PM

OK, which SEP-specific settings need to be installed and configured on the file server and email server to prevent the CryptoLocker virus?
