The CryptoLocker ransom-ware exploit remains on of the most difficult security challenges that we face, since once all your personal data is encrypted, the only way back is either from an uninfected backup, or paying the cyber-criminals to receive your decryption key. The good news (well I guess it’s good news), is that the bad guys are playing fair and actually sending the decryption key and even providing a bit of tech support. Not all attempts to recover this way are successful, though. The following information comes from Hackin9 Magazine.
This week I received notification from a legal firm (after the fact) who had been infected with CryptoLocker Ransomware and all of their files where encrypted and held for ransom. Since they did not have backup shorter than a week their IT staff had recommend that they pay the ransom. They ended up having to pay $400 USD to get the files decrypted. They were lucky in that the criminals actually supplied the key and provided some technical assistance in retrieving the files. Goodson’s law firm in the North Carolina state capital Charlotte, had gone public on February 8, 2014 bravely admitting losing its entire cache of legal documents to the CryptoLocker Trojan despite attempting to pay the $300 ransom in a bid to have them unscrambled.
There is also an interesting article on CIO Magazine that details the experiences of other companies and a local police department.
The best solution I have found is to invest in an online backup system that provides something called “versioning.” While CryptoLocker’s encrypted files will gradually replace your backed-up files on most online backup systems, versioning provides older copies of backed-up documents to restore from, and these older copies are not replaced by encrypted file copies. For this type of protection we recommend Carbonite, but any backup system that provides versioning should work.Share
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com