Got Backup?

Updated: Jan 10, 2019

Malware just isn't what it used to be. Once upon a time, you'd get a piece of 'nasty software' on your computer and, after a bit of work, you could pretty much get rid of it and carry on. Sure, it was still an inconvenience, but that piece of software popping up telling you that your computer was infected, or that questionable material had been found on your computer, was just that - an inconvenience.

Welcome to the new world. New forms of malware based on the old style of "RansomWare" (software that 'held your computer hostage' until you got rid of the malware or paid the ransom) have become more complex and more dangerous. CryptoLocker and its countless variants have been proliferating across the internet and, once you are infected, it's no longer just an inconvenience - it's destructive.

What is CryptoMalware? It's a new form of RansomWare that encrypts the files on your computer - and any attached network drives - and gives you (depending on the variant) 48 to 72 hours to pay the ransom of anywhere from US$300 to US$500, or the decryption key will be destroyed and your files will become basically inaccessible. Forever.

What is the impact? Only you can answer for yourself. Ask yourself this question:

"If something (or someone) erased all the data from my computer, would it be an inconvenience or would it have significant impact on my business or family?"

It's a strong question, but too often that is exactly the scenario that plays out after something like CryptoLocker or even a hardware failure takes place. If you answered "yes" to the above question, the next question should immediately be "Do I have a backup of my important data?"

In a recent service call, one of my clients called to ask me what CryptoLocker was. After a bit more qualifying of the question, I found out that one of the employees had opened an email that infected the computer. The first thing to do in any case of infection is to take the computer off the network immediately, but it was already too late.

To make sure you know what files have been encrypted, the 'datanappers' (think kidnappers but for data) show you exactly what they'll take away from you if you don't pay up. If you attempt to clean the computer, the encryption key will be destroyed and the files locked forever. In this case, the user's "My Documents" folder and everything under it were affected. Additionally, because the computer was part of a business network, all of the network shared drives that this person had access to were also affected.

The impact? The person's files, email, stuff they needed to do their day-to-day work was all basically lost at that point. Additionally, the other people that shared the network were unable to access the files stored in the shared directories because they too were encrypted.

What were the options? Pay or recover from backup.

The police advise that you never pay a ransom to these cybercriminals. Doing so only legitimizes their criminal behaviour. But what if you don't have a backup? Your only option might be to indeed pay these people and hope that they actually deliver the decryption key so that you can access your files. There's no guarantee that they will - you are dealing with criminals after all.

In the case of the client above, we were able to restore the server from backup to a point a few days earlier before the malware was introduced. All was well for the network users. For the person that lost all of their files and email on their computer? Not such a happy ending. Sadly, there was no backup on the PC and the person didn't follow company standards for data storage (saving the work files to the user directory on the server). As such, all of their data was lost. The impact was minor based on the role of that particular employee, but it was still an impact felt by the company as a whole.

Backup. It's an all-encompassing word. It means 'everything will be ok'. It means backup of the server(s). It means backup of the workstations. It means testing and verifying that the backup works. It means having a strategy to save your business data or your personal memories, photos or documents in case things go bad. And they will.

There are two types of people in this world. People that have lost data and people that will lose data. If you've lost data, you already know the impact and you'll likely want to protect yourself. If you haven't yet lost data, please consider that you will. It's a sad inevitability.

The question is, do you have a backup?

If the answer is "yes", awesome! Did you test it? Do you know for certain that you can recover from it? Is it replicated elsewhere?

